Analysis
-
max time kernel
53s -
max time network
130s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
05-11-2020 16:25
Static task
static1
Behavioral task
behavioral1
Sample
a.scr
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a.scr
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
a.scr
-
Size
15KB
-
MD5
ba74a7cb5a12d713229105df94a9e418
-
SHA1
c128af146a1f7ed27d702aa6ad7600d7ca3510cb
-
SHA256
1589137eea1bc46db43c9b9229402646773876d527585f68fd58d37add5d8402
-
SHA512
897c3906884ec1c836831308d023fc06e3b9aa92e8ef0fe8692d66f2965fce45d63eca2a936e5a6672a28fefa4b52ae0812eacfe3b27526509a19d105aba6eee
Malware Config
Extracted
Path
C:\221622968119831\Read_Me.txt
Ransom Note
Attention!
All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
1. Download Tor browser - https://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: http://25xb3kc6azicbbuo.onion/?DUWYZBCE
5. Follow the instructions on this page
----------------------------------------------------------------------------------------
On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.
Alternate communication channel here: http://helpqvrg3cc5mvb3.onion/
URLs
http://25xb3kc6azicbbuo.onion/?DUWYZBCE
http://helpqvrg3cc5mvb3.onion/
Signatures
-
Executes dropped EXE 3 IoCs
pid Process 3628 21292.exe 576 winsvcs.exe 2072 2465529280.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" winsvcs.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" winsvcs.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" winsvcs.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" winsvcs.exe -
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Services = "C:\\221622968119831\\winsvcs.exe" 21292.exe Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Services = "C:\\221622968119831\\winsvcs.exe" 21292.exe -
Drops desktop.ini file(s) 2 IoCs
description ioc Process File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini 2465529280.exe File opened for modification C:\Program Files\desktop.ini 2465529280.exe -
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\V: 2465529280.exe File opened (read-only) \??\B: 2465529280.exe File opened (read-only) \??\E: 2465529280.exe File opened (read-only) \??\R: 2465529280.exe File opened (read-only) \??\Y: 2465529280.exe File opened (read-only) \??\O: 2465529280.exe File opened (read-only) \??\G: 2465529280.exe File opened (read-only) \??\X: 2465529280.exe File opened (read-only) \??\W: 2465529280.exe File opened (read-only) \??\T: 2465529280.exe File opened (read-only) \??\P: 2465529280.exe File opened (read-only) \??\H: 2465529280.exe File opened (read-only) \??\L: 2465529280.exe File opened (read-only) \??\I: 2465529280.exe File opened (read-only) \??\A: 2465529280.exe File opened (read-only) \??\S: 2465529280.exe File opened (read-only) \??\N: 2465529280.exe File opened (read-only) \??\M: 2465529280.exe File opened (read-only) \??\Q: 2465529280.exe File opened (read-only) \??\U: 2465529280.exe File opened (read-only) \??\F: 2465529280.exe File opened (read-only) \??\J: 2465529280.exe File opened (read-only) \??\K: 2465529280.exe File opened (read-only) \??\Z: 2465529280.exe -
Drops file in Program Files directory 876 IoCs
description ioc Process File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome.dll.sig 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\elevation_service.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\bg.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll 2465529280.exe File created C:\Program Files\Google\Chrome\Application\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\hu.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\gu.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui 2465529280.exe File opened for modification C:\Program Files\DisableCompare.tmp 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado26.tlb 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\adcvbs.inc 2465529280.exe File opened for modification C:\Program Files\EnterSubmit.scf 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml 2465529280.exe File opened for modification C:\Program Files\CheckpointResolve.php 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\Triedit\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogo.png 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\LICENSE 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\Read_Me.txt 2465529280.exe File created C:\Program Files\Google\Chrome\Application\SetupMetrics\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msdaprsr.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\is.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fr.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\gl.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msdaremr.dll 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\win_x64\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ml.pak 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmic.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\kab.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\co.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\adovbs.inc 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\be.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\youtube.crx 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\classfile_constants.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ne.txt 2465529280.exe File created C:\Program Files\Internet Explorer\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msador28.tlb 2465529280.exe File opened for modification C:\Program Files\CopyGet.mpg 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogoCanary.png 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\policytool.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\he.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgePackages.h 2465529280.exe File created C:\Program Files\7-Zip\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg 2465529280.exe File opened for modification C:\Program Files\Common Files\System\wab32res.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\7-zip32.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ba.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\bn.pak 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\mojo_core.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msdfmap.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msadox.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\hu.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sw.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\bci.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\pt-BR\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\bn.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\nb.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo.bat 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\awt.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\BlockSelect.cr2 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\pl.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\et.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\include\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrome.7z 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\vi.pak 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\sqmapi.dll 2465529280.exe File created C:\Program Files\Common Files\System\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\docs.crx 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\images\bing.ico 2465529280.exe File opened for modification C:\Program Files\7-Zip\descript.ion 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\he.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\MEIPreload\manifest.json 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\include\win32\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\lt.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.war 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_de_DE.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\de.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\es-419.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\gu.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ca.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui 2465529280.exe File opened for modification C:\Program Files\7-Zip\7z.sfx 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\en-US.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\ij.bat 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\tr.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll 2465529280.exe File opened for modification C:\Program Files\BackupSync.mp2 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man 2465529280.exe File opened for modification C:\Program Files\EnableSend.ppt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pl.jar 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\va.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado15.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\nb.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\readme.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP 2465529280.exe File opened for modification C:\Program Files\7-Zip\7z.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\fa.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\adojavas.inc 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogoDev.png 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\derby_common.bat 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\an.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer 2465529280.exe File opened for modification C:\Program Files\ApproveRepair.crw 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ms.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\System\wab32.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\LogoBeta.png 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\zh-CN.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\it.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msxactps.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\History.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\VC\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msaddsr.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\external_extensions.json 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\pl-PL\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\te.pak 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\hr.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\sqloledb.rll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\LogoCanary.png 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sv.pak 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\notification_helper.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\el.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbytools.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui 2465529280.exe File created C:\Program Files\Google\Chrome\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\vi.txt 2465529280.exe File created C:\Program Files\Common Files\Services\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\SetupMetrics\20201028183044.pma 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jvmticmlr.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ga.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\fur.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\libGLESv2.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\IEShims.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml 2465529280.exe File opened for modification C:\Program Files\7-Zip\License.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\iexplore.exe 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\SIGNUP\install.ins 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\yo.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\Read_Me.txt 2465529280.exe File created C:\Program Files\7-Zip\Lang\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\v8_context_snapshot.bin 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll 2465529280.exe File opened for modification C:\Program Files\ExitSearch.mpeg3 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\zh-TW.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\sqloledb.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_elf.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm 2465529280.exe File opened for modification C:\Program Files\ApproveEdit.bmp 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\SetupMetrics\20201028183016.pma 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Extensions\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml 2465529280.exe File opened for modification C:\Program Files\CompareReceive.xlsm 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\CompressDisable.MTS 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msadomd.dll 2465529280.exe File created C:\Program Files\Common Files\System\Ole DB\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\uk.pak 2465529280.exe File created C:\Program Files\Common Files\System\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\desktop.ini 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Content.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msadox28.tlb 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ms.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui 2465529280.exe File created C:\Program Files\Internet Explorer\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadco.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\MEIPreload\preloaded_data.pb 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\zh-CN\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyclient.jar 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\resources.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe 2465529280.exe File created C:\Program Files\Internet Explorer\SIGNUP\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\java.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\swiftshader\libGLESv2.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\el-GR\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\si.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_fr.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sv.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ja_JP.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_pwa_launcher.exe 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\Logo.png 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_hu.jar 2465529280.exe File opened for modification C:\Program Files\7-Zip\7-zip.chm 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\sv-SE\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\icudtl.dat 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\id.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ku.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sq.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\mr.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ko.pak 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\hi.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\setup.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ar.pak 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\db\lib\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\3RDPARTY 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fi-FI\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\Triedit\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\LICENSE 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdaosp.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\fr.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\eu.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\bg.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_200_percent.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fi.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ta.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ast.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\ij 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ka.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadcer.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCallbacks.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sl.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ky.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\tr-TR\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado25.tlb 2465529280.exe File opened for modification C:\Program Files\Common Files\System\DirectDB.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jvmti.h 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\HideRedo.MOD 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll 2465529280.exe File created C:\Program Files\Internet Explorer\images\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msdaprst.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\en-GB.pak 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\86.0.4240.111.manifest 2465529280.exe File opened for modification C:\Program Files\7-Zip\7-zip.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jawt.h 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\uz.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\7z.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\eventlog_provider.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fr-CA\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\uk.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\cs.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\fy.txt 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\msvcr100.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\az.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\swiftshader\libEGL.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\cs.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pt_BR.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msador15.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\swiftshader\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msadrh15.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\hmmapi.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\es.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\bin\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\7zG.exe 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP.bat 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\id.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\nl.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\adcjavas.inc 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook.bat 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP.bat 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sr.pak 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui 2465529280.exe File created C:\Program Files\Common Files\System\msadc\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\hy.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\da.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\mk.txt 2465529280.exe File created C:\Program Files\Common Files\System\msadc\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbynet.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadcor.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\Read_Me.txt 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\oledb32r.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\mn.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fil.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fa.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\jawt_md.h 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mraut.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ja.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\th.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\nacl_irt_x86_64.nexe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\master_preferences 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\pt.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\pl.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sa.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\io.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jni.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\drive.crx 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmc.ini 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\attach.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\de.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\Services\verisign.bmp 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\et.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\orbd.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\7zCon.sfx 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.c 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe 2465529280.exe File created C:\Program Files\Common Files\System\ado\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\el.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ru.pak 2465529280.exe File created C:\Program Files\Google\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ja.txt 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\MEIPreload\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\gmail.crx 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_CN.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\hr.pak 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ro.pak 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\TextConv\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\en-US\wab32res.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\NOTICE 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\lv.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sk.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer.bat 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_TW.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\br.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ca.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ru.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.jar 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ko.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdasql.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml 2465529280.exe File created C:\Program Files\Common Files\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\d3dcompiler_47.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\hi.pak 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml 2465529280.exe File created C:\Program Files\Common Files\System\Ole DB\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\kn.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\TextConv\en-US\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl.bat 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\cy.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\it.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\Source Engine\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ta.pak 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ru.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\nn.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msader15.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer.bat 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\mng.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\lij.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_es.jar 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\bg-BG\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\am.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\COPYRIGHT 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\javafx-src.zip 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\fi.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\libEGL.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\eo.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ro.txt 2465529280.exe File opened for modification C:\Program Files\CopyGet.tif 2465529280.exe File created C:\Program Files\Common Files\DESIGNER\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Extensions\external_extensions.json 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\es.pak 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\VGX\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\System\ado\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado28.tlb 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\kk.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado21.tlb 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome.exe.sig 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadds.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jdwpTransport.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP.bat 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyoptionaltools.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\EnableBlock.dwg 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ext.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdaps.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\pt-BR.pak 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_cs.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_it.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\ro-RO\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\lv.pak 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ar.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ko_KR.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\db\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\mr.pak 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\BlockClear.tiff 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdatl3.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\lt.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\micaut.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msadomd28.tlb 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msdarem.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_100_percent.pak 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ug.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\ps.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jli.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml 2465529280.exe File opened for modification C:\Program Files\7-Zip\Uninstall.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado27.tlb 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\manifest.json 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sl.txt 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\sk.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyrun.jar 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\LogoDev.png 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\oledb32.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado60.tlb 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\tr.pak 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\th.pak 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\keytool.exe 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\dcpr.dll 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\en.ttt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadce.dll 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogoBeta.png 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\pt-PT.pak 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\nl.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\tt.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\Stationery\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\da.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\System\ado\msado20.tlb 2465529280.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB 2465529280.exe File opened for modification C:\Program Files\ApproveRestart.scf 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui 2465529280.exe File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe 2465529280.exe File opened for modification C:\Program Files\7-Zip\Lang\af.txt 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man 2465529280.exe File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\db\bin\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\Read_Me.txt 2465529280.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\Read_Me.txt 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\pt-PT\Read_Me.txt 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms 2465529280.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\jni_md.h 2465529280.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll 2465529280.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\Read_Me.txt 2465529280.exe -
Suspicious behavior: EnumeratesProcesses 802 IoCs
pid Process 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe 2072 2465529280.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 1112 wrote to memory of 3892 1112 a.scr 79 PID 1112 wrote to memory of 3892 1112 a.scr 79 PID 1112 wrote to memory of 3892 1112 a.scr 79 PID 1112 wrote to memory of 3628 1112 a.scr 81 PID 1112 wrote to memory of 3628 1112 a.scr 81 PID 1112 wrote to memory of 3628 1112 a.scr 81 PID 3628 wrote to memory of 576 3628 21292.exe 82 PID 3628 wrote to memory of 576 3628 21292.exe 82 PID 3628 wrote to memory of 576 3628 21292.exe 82 PID 576 wrote to memory of 2072 576 winsvcs.exe 83 PID 576 wrote to memory of 2072 576 winsvcs.exe 83 PID 576 wrote to memory of 2072 576 winsvcs.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\a.scr"C:\Users\Admin\AppData\Local\Temp\a.scr" /S1⤵
- Suspicious use of WriteProcessMemory
PID:1112 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c start C:\Users\Admin\AppData\Local\Temp\33137.jpg2⤵PID:3892
-
-
C:\Users\Admin\AppData\Local\Temp\21292.exeC:\Users\Admin\AppData\Local\Temp\21292.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3628 -
C:\221622968119831\winsvcs.exeC:\221622968119831\winsvcs.exe3⤵
- Executes dropped EXE
- Windows security modification
- Suspicious use of WriteProcessMemory
PID:576 -
C:\Users\Admin\AppData\Local\Temp\2465529280.exeC:\Users\Admin\AppData\Local\Temp\2465529280.exe4⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2072
-
-
-