Malware Analysis Report

2024-11-30 15:07

Sample ID 201105-qhajlp5p1e
Target a.scr
SHA256 1589137eea1bc46db43c9b9229402646773876d527585f68fd58d37add5d8402
Tags
phorphiex evasion loader persistence trojan worm ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1589137eea1bc46db43c9b9229402646773876d527585f68fd58d37add5d8402

Threat Level: Known bad

The file a.scr was found to be: Known bad.

Malicious Activity Summary

phorphiex evasion loader persistence trojan worm ransomware

Windows security bypass

Phorphiex Worm

Executes dropped EXE

Loads dropped DLL

Windows security modification

Adds Run key to start application

Enumerates connected drives

Drops desktop.ini file(s)

Drops file in Program Files directory

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2020-11-05 16:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2020-11-05 16:25

Reported

2020-11-05 16:27

Platform

win7v20201028

Max time kernel

149s

Max time network

78s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a.scr" /S

Signatures

Phorphiex Worm

worm trojan loader phorphiex

Windows security bypass

evasion trojan

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\24857.exe N/A
N/A N/A C:\65971246227968\winsvcs.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\a.scr N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24857.exe N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\65971246227968\winsvcs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\65971246227968\winsvcs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\65971246227968\winsvcs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\65971246227968\winsvcs.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Services = "C:\\65971246227968\\winsvcs.exe" C:\Users\Admin\AppData\Local\Temp\24857.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Services = "C:\\65971246227968\\winsvcs.exe" C:\Users\Admin\AppData\Local\Temp\24857.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\DllHost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a.scr

"C:\Users\Admin\AppData\Local\Temp\a.scr" /S

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c start C:\Users\Admin\AppData\Local\Temp\33427.jpg

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}

C:\Users\Admin\AppData\Local\Temp\24857.exe

C:\Users\Admin\AppData\Local\Temp\24857.exe

C:\65971246227968\winsvcs.exe

C:\65971246227968\winsvcs.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 trik.ws udp
N/A 217.8.117.10:80 trik.ws tcp
N/A 217.8.117.10:80 trik.ws tcp
N/A 217.8.117.10:80 trik.ws tcp
N/A 217.8.117.10:80 trik.ws tcp

Files

memory/1752-0-0x000007FEF5BC0000-0x000007FEF5E3A000-memory.dmp

memory/436-1-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\33427.jpg

MD5 a603d35899017876f5cbea46dbf223d4
SHA1 bbe3b9dc5ca78b399ae151afc0f03972e710b23b
SHA256 2fbfd083e8286b5715afc2b0f0b84dc11d211e18a4bdd3f9b4af6d5a2e833ab4
SHA512 14100ee11d31da7dc051600c66e175569ad6026a550fa1167e5ecffee0f84bd6487b65eec45e32ac2e2b9b5bc338a952657187945bab7530896294d6e4cbc78f

\Users\Admin\AppData\Local\Temp\24857.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

memory/332-4-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\24857.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

C:\Users\Admin\AppData\Local\Temp\24857.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

\65971246227968\winsvcs.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

memory/872-8-0x0000000000000000-mapping.dmp

C:\65971246227968\winsvcs.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

C:\65971246227968\winsvcs.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

Analysis: behavioral2

Detonation Overview

Submitted

2020-11-05 16:25

Reported

2020-11-05 16:27

Platform

win10v20201028

Max time kernel

53s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a.scr" /S

Signatures

Phorphiex Worm

worm trojan loader phorphiex

Windows security bypass

evasion trojan

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21292.exe N/A
N/A N/A C:\221622968119831\winsvcs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\221622968119831\winsvcs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\221622968119831\winsvcs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\221622968119831\winsvcs.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\221622968119831\winsvcs.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Services = "C:\\221622968119831\\winsvcs.exe" C:\Users\Admin\AppData\Local\Temp\21292.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Services = "C:\\221622968119831\\winsvcs.exe" C:\Users\Admin\AppData\Local\Temp\21292.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome.dll.sig C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\bg.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\DisableCompare.tmp C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\he-IL\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado26.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\adcvbs.inc C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\EnterSubmit.scf C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\CheckpointResolve.php C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Triedit\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogo.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\LICENSE C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\th-TH\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\SetupMetrics\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdaprsr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fr.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdaremr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\win_x64\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ml.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmic.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\adovbs.inc C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\youtube.crx C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\classfile_constants.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Internet Explorer\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javac.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msador28.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\CopyGet.mpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogoCanary.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\policytool.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgePackages.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\7-Zip\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\wab32res.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmiregistry.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\bn.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\mojo_core.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdfmap.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadox.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\hu.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sw.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\bci.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javafxpackager.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pt-BR\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ar-SA\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nb.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\awt.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\BlockSelect.cr2 C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\pl.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\include\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrome.7z C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\vi.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\sqmapi.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\docs.crx C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\images\bing.ico C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\he.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\MEIPreload\manifest.json C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\include\win32\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\lt.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.war C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_de_DE.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ja-JP\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\de.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\gu.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\ij.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\BackupSync.mp2 C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\EnableSend.ppt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pl.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado15.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\nb.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lv-LV\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nl-NL\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\adojavas.inc C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogoDev.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\derby_common.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\ApproveRepair.crw C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\jfr\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\wab32.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\LogoBeta.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\it.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msxactps.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VC\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msaddsr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\external_extensions.json C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pl-PL\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\te.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\sqloledb.rll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\LogoCanary.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sv.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\el.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbytools.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Bears.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\nb-NO\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\Services\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\SetupMetrics\20201028183044.pma C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jvmticmlr.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\IEShims.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\SIGNUP\install.ins C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\7-Zip\Lang\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\ExitSearch.mpeg3 C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\zh-TW.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javadoc.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\sqloledb.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\serialver.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_elf.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\ApproveEdit.bmp C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\SetupMetrics\20201028183016.pma C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Extensions\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\CompareReceive.xlsm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\CompressDisable.MTS C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadomd.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\uk.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Content.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadox28.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ms.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Internet Explorer\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msadco.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\MEIPreload\preloaded_data.pb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-CN\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyclient.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\resources.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\java.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\swiftshader\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javapackager.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\el-GR\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_fr.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Roses.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\dtplugin\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ja_JP.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mip.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_pwa_launcher.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\Logo.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_hu.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sv-SE\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\icudtl.dat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\id.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sq.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ko.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hi.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ar.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\amd64\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\applet\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\db\lib\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\ktab.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\3RDPARTY C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fi-FI\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Triedit\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\LICENSE C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ru-RU\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\servertool.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msdaosp.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\klist.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eu.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_200_percent.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fi.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\ij C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msadcer.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCallbacks.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sl.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\tr-TR\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado25.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\DirectDB.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jvmti.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\HideRedo.MOD C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Internet Explorer\images\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdaprst.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\en-GB.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hu-HU\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\86.0.4240.111.manifest C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-GB\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jawt.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\eventlog_provider.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-CA\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uk.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javaw.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\msvcr100.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\swiftshader\libEGL.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\cs.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pt_BR.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msador15.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\swiftshader\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadrh15.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\hmmapi.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\bin\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\id.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\nl.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\adcjavas.inc C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setEmbeddedCP.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sr.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jhat.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\kinit.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\da.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\msadc\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbynet.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msadcor.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\RELEASE-NOTES.html C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Stars.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\oledb32r.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fil.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\fa.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\jawt_md.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sk-SK\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mraut.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ja.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\nacl_irt_x86_64.nexe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\master_preferences C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javap.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jni.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\drive.crx C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmc.ini C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\attach.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\Services\verisign.bmp C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\et.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\orbd.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.c C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\el.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ru.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\MEIPreload\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\default_apps\gmail.crx C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\hr.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ro.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\TextConv\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\en-US\wab32res.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\AccessBridgeCalls.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\NOTICE C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\sk.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\java-rmi.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_zh_TW.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ca.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ru.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derby.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msdasql.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\hi.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\kn.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\TextConv\en-US\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\it.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jmc.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\ta.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msader15.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_es.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\bg-BG\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\am.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\COPYRIGHT C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\javafx-src.zip C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\libEGL.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ro.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\CopyGet.tif C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\DESIGNER\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Extensions\external_extensions.json C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\es.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VGX\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\System\ado\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado28.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado21.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome.exe.sig C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msadds.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jdwpTransport.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkServerCP.bat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Garden.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyoptionaltools.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\EnableBlock.dwg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msdaps.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\pt-BR.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_cs.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_it.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ro-RO\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\lv.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ko_KR.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\db\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\mr.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-MX\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\BlockClear.tiff C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\msdatl3.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\micaut.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hr-HR\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadomd28.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msdarem.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jli.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado27.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\WidevineCdm\manifest.json C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\dropins\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sk.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\sl-SI\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyrun.jar C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\LogoDev.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\oledb32.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado60.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\tr.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\th.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\keytool.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\dcpr.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\msadce.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\VisualElements\SmallLogoBeta.png C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\pt-PT.pak C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\sysinfo C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Stationery\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\da.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado20.tlb C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\ApproveRestart.scf C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\da-DK\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ieinstal.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\setNetworkClientCP C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Google\Chrome\Application\86.0.4240.111\Locales\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\db\bin\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\pt-PT\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\win32\jni_md.h C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\Read_Me.txt C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2465529280.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a.scr

"C:\Users\Admin\AppData\Local\Temp\a.scr" /S

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c start C:\Users\Admin\AppData\Local\Temp\33137.jpg

C:\Users\Admin\AppData\Local\Temp\21292.exe

C:\Users\Admin\AppData\Local\Temp\21292.exe

C:\221622968119831\winsvcs.exe

C:\221622968119831\winsvcs.exe

C:\Users\Admin\AppData\Local\Temp\2465529280.exe

C:\Users\Admin\AppData\Local\Temp\2465529280.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 trik.ws udp
N/A 217.8.117.10:80 trik.ws tcp
N/A 217.8.117.10:80 trik.ws tcp
N/A 217.8.117.10:80 trik.ws tcp
N/A 8.8.8.8:53 304049943.ws udp
N/A 64.70.19.203:80 304049943.ws tcp
N/A 64.70.19.203:80 304049943.ws tcp
N/A 64.70.19.203:80 304049943.ws tcp

Files

memory/3892-0-0x0000000000000000-mapping.dmp

memory/3628-1-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\21292.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

C:\Users\Admin\AppData\Local\Temp\21292.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

C:\221622968119831\winsvcs.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

memory/576-4-0x0000000000000000-mapping.dmp

C:\221622968119831\winsvcs.exe

MD5 c4f7ad9cdb934e4414e2cf58eb0062d1
SHA1 30268fc11e0ef7e54e219ef0dee3b75734a85c67
SHA256 3ee3db80ebec5075b9dfb525f00bc9a494af450a9d650c995fbe01e0ec2c84b8
SHA512 5259699a3a075d41928ec8079e0bdef33176261cc4d63f3287377cc58f01f755468a850abb1c2552245dfb2814c9245f7ff0b77620fd669661ff8edf8cf83a38

memory/2072-7-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\2465529280.exe

MD5 7d52884b375ce8b6182f1c53f0f1c496
SHA1 6b70e90b0dada8d93c61caa678e76ce2abcbc76b
SHA256 9c48e8a5f83614f685249486a13a8a132660f37d11c5f55581414dbf02091021
SHA512 24350255bda3672cce0ff22221e5973cd69f5b8470eb642e9679c3c006716271af8f32a2d4ee5309949c746eb9cb15bba411052fd4935a2a2b436501c7b4a515

C:\Users\Admin\AppData\Local\Temp\2465529280.exe

MD5 7d52884b375ce8b6182f1c53f0f1c496
SHA1 6b70e90b0dada8d93c61caa678e76ce2abcbc76b
SHA256 9c48e8a5f83614f685249486a13a8a132660f37d11c5f55581414dbf02091021
SHA512 24350255bda3672cce0ff22221e5973cd69f5b8470eb642e9679c3c006716271af8f32a2d4ee5309949c746eb9cb15bba411052fd4935a2a2b436501c7b4a515

memory/2072-11-0x0000000004C00000-0x0000000004CC3000-memory.dmp

memory/2072-26-0x0000000004C00000-0x0000000004CC8000-memory.dmp