c41d1ff004b7e49d601b10e11e3591a99da6c95dcc1272fdcbeb8663e502e83b

Analysis

max time kernel
147s
max time network
157s
platform
windows7_x64
resource
win7v200430
submitted
23/05/2020, 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2020-05-22_17-36-19.bin.exe
Size

448KB
MD5

412568f078ec521bdba6ae14b9f36823
SHA1

3e5a80fe286834f6d5f0aaf014a420ec40ebad7d
SHA256

e2c2a80cb4ecc511f30d72b3487cb9023b40a25f6bbe07a92f47230fb76544f4
SHA512

9e979c3873778991bfd05b22370fbab32f7ec16dd78b8c3f2b0f54ccfd26fcdfc84f881bdf4414d24228ad2a19ef00ecb062dd5e9e2e243966f1276698f1ff85

Score

10^/10

ransomware persistence spyware evasion trojan

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_LOCK.TXT

Ransom Note

############################################################# ################# YOUR FILES WERE ENCRYPTED ################# ############ AND MARKED BY EXTENSION .corona-lock ########### ############################################################# -- DON'T WORRY! YOUR FILES ARE SAFE! ONLY MODIFIED :: ChaCha + AES WE STRONGLY RECOMMEND you NOT to use any Decryption Tools. These tools can damage your data, making recover IMPOSSIBLE. Also we recommend you not to contact data recovery companies. They will just contact us, buy the key and sell it to you at a higher price. If you want to decrypt your files, you have to get RSA private key. -- To get RSA private key you have to contact us via email to: ---------------------------->> [email protected] << and send us your id: >> 1598982272 << -- HOW to understand that we are NOT scammers? You can ask SUPPORT for the TEST-decryption for ONE file! -- ############################################################# ################## LIST OF ENCRYPTED FILES ################## ------------------------------------------------------------- C:\vcredist2010_x64.log-MSI_vc_red.msi.txt 372682 C:\vcredist2010_x64.log.html 88914 C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log 169690 C:\Program Files\Mozilla Firefox\precomplete 2865 C:\Program Files\Mozilla Firefox\removed-files 16 C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log 197548 C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log 171954 C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log 193090 C:\Users\Admin\deployment.properties 1646 C:\Users\Admin\ntuser.dat.LOG1 0 C:\Users\Admin\ntuser.dat.LOG2 0 C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf 0 C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms 0 C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms 0 C:\Users\Default\NTUSER.DAT.LOG 1024 C:\vcredist2019_x64_001_vcRuntimeMinimum_x64.log 120802 C:\Users\Default\NTUSER.DAT.LOG1 189440 C:\Users\Default\NTUSER.DAT.LOG2 0 C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf 65536 C:\vcredist2019_x64_002_vcRuntimeAdditional_x64.log 131680 C:\Recovery\44e79742-8b20-11ea-a722-f2e765a3a928\boot.sdi 3170304 C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms 524288 C:\Program Files\Java\jre7\COPYRIGHT 3409 C:\Program Files\Java\jre7\LICENSE 41 C:\Program Files\Java\jre7\release 507 C:\Program Files (x86)\Common Files\Adobe AIR\sentinel 11 C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms 524288 C:\Users\Admin\Contacts\Admin.contact 68374 C:\Users\Public\Libraries\RecordedTV.library-ms 876 C:\Users\Admin\Desktop\BackupComplete.rar 771573 C:\Users\Admin\Desktop\DebugComplete.wpl 483868 C:\Users\Admin\Desktop\DismountTest.001 1072326 C:\Users\Admin\Desktop\FormatDeny.dib 274628 C:\Users\Admin\Desktop\ImportApprove.odt 405403 C:\Users\Admin\Desktop\InvokeCopy.ocx 562333 C:\Users\Admin\Music\CompareOut.DVR-MS 837460 C:\Users\Admin\Desktop\LockStart.aiff 719263 C:\Users\Admin\Music\ComparePush.vst 657084 C:\Users\Admin\Music\CompressPush.crw 296332 C:\Users\Admin\Desktop\MeasureMount.dotm 510023 C:\Users\Admin\Desktop\MoveConvertFrom.mpv2 379248 C:\Users\Admin\Music\ConfirmOpen.MOD 708620 C:\Users\Admin\Music\CopySend.mht 605548 C:\Users\Admin\Desktop\ProtectStep.crw 457713 C:\Users\Admin\Downloads\AssertUse.ADT 595470 C:\Users\Admin\Documents\Are.docx 11525 C:\Users\Admin\Documents\CheckpointUnpublish.vsw 2166705 C:\Users\Admin\Documents\ClearWatch.vstx 1011129 C:\Users\Admin\Desktop\ReceiveResize.shtml 745418 C:\Users\Admin\Desktop\RemoveApprove.shtml 353093 C:\Users\Admin\Music\DenyRestart.MTS 760156 C:\Users\Admin\Desktop\RemoveUndo.ex_ 431558 C:\Users\Admin\Desktop\RevokeUnlock.bat 300783 C:\Users\Admin\Music\DismountReset.rtf 528244 C:\Users\Admin\Desktop\SearchDebug.php 666953 C:\Users\Admin\Desktop\SearchSuspend.lock 614643 C:\Users\Admin\Downloads\CheckpointRestart.mp2 297735 C:\Users\Admin\Downloads\CompleteResolve.xps 504855 C:\Users\Admin\Desktop\StepOut.pps 693108 C:\Users\Admin\Downloads\CompleteRestore.asx 543690 C:\Users\Admin\Downloads\CompressUnblock.wmv 271845 C:\Users\Admin\Downloads\CopySelect.wpl 440130 C:\Users\Admin\Pictures\ApproveExpand.emz 606800 C:\Users\Admin\Downloads\DebugMount.mhtml 336570 C:\Users\Admin\Music\EnableSubmit.avi 682852 C:\Users\Admin\Music\ImportSkip.vdx 399404 C:\Users\Admin\Music\PingWrite.mp3 450940 C:\Users\Admin\Music\ProtectCompare.mhtml 322100 C:\Users\Admin\Music\ReadResize.crw 554012 C:\Users\Admin\Downloads\DebugSend.wpl 284790 C:\Users\Admin\Downloads\DisableBlock.bmp 414240 C:\Users\Admin\Downloads\ExitDismount.mpg 569580 C:\Users\Admin\Downloads\ExitPush.eps 245955 C:\Users\Admin\Documents\DisableLimit.odt 1588917 C:\Users\Admin\Desktop\StopWatch.cfg 536178 C:\Users\Admin\Music\ReceiveFind.asx 785924 C:\Users\Admin\Music\RegisterSend.tif 373636 C:\Users\Admin\Desktop\UninstallSwitch.pptm 640798 C:\Users\Admin\Music\RepairConvertTo.nfo 734388 C:\Users\Admin\Documents\Files.docx 11551 C:\Users\Admin\Music\RepairNew.shtml 425172 C:\Users\Admin\Music\RestartResize.dotx 579780 C:\Users\Admin\Downloads\ExportInvoke.avi 466020 C:\Users\Admin\Downloads\FindSync.rle 310680 C:\Users\Admin\Documents\MeasureStep.html 1733364 C:\Users\Admin\Desktop\WriteResize.m3u 588488 C:\Users\Admin\Pictures\ConvertFromStop.svg 546120 C:\Users\Admin\Pictures\ConvertRepair.svgz 631072 C:\Users\Admin\Music\SelectInvoke.ogg 1159776 C:\Users\Admin\Music\SplitSelect.i64 811692 C:\Users\Admin\Music\TestSend.mht 476708 C:\Users\Admin\Downloads\FormatUndo.jpeg 427185 C:\Users\Admin\Downloads\HideGet.scf 608415 C:\Users\Admin\Downloads\ImportReset.otf 530745 C:\Users\Admin\Downloads\InstallOptimize.svg 349515 C:\Users\Admin\Downloads\MountSync.svgz 647250 C:\Users\Admin\Downloads\OptimizeConfirm.wpl 673140 C:\Users\Admin\Documents\MountSwitch.vsw 2022258 C:\Users\Admin\Music\UseUnblock.au3 347868 C:\Users\Admin\Music\WaitCopy.reg 631316 C:\Users\Admin\Downloads\ProtectCompare.csv 582525 C:\Users\Admin\Downloads\PushGet.iso 362460 C:\Users\Admin\Downloads\ReadDismount.xla 491910 C:\Users\Admin\Downloads\ReceiveEnable.reg 258900 C:\Users\Admin\Pictures\ConvertToFormat.emz 521848 C:\Users\Admin\Downloads\RegisterDeny.snd 621360 C:\Users\Admin\Pictures\CopyGroup.crw 254856 C:\Users\Admin\Downloads\ResizePush.mp4 453075 C:\Users\Admin\Pictures\DebugConnect.tiff 618936 C:\Users\Admin\Pictures\DismountSave.jpeg 533984 C:\Users\Admin\Downloads\ResumeUse.ps1 919591 C:\Users\Admin\Pictures\EnterAdd.tif 291264 C:\Users\Admin\Downloads\SelectDisconnect.wpl 478965 C:\Users\Admin\Pictures\ExitFind.emf 364080 C:\Users\Admin\Downloads\SendUndo.fon 401295 C:\Users\Admin\Downloads\ShowUpdate.3gpp 660195 C:\Users\Admin\Downloads\TraceRedo.potx 233010 C:\Users\Admin\Downloads\UndoSkip.emz 517800 C:\Users\Admin\Downloads\UnregisterRepair.odt 323625 C:\Users\Admin\Downloads\UnregisterUnpublish.html 388350 C:\Users\Admin\Downloads\WaitUse.DVR 375405 C:\Users\Admin\Documents\NewSubmit.odt 2311152 C:\Users\Admin\Downloads\WatchOut.au3 634305 C:\Users\Admin\Pictures\FindDisconnect.raw 558256 C:\Users\Admin\Documents\Opened.docx 11538 C:\Users\Admin\Pictures\FindSelect.svgz 400488 C:\Users\Admin\Pictures\FindSelect.tif 303400 C:\Users\Admin\Pictures\FormatConvert.tif 862040 C:\Users\Admin\Pictures\FormatOpen.jpg 242720 C:\Users\Admin\Pictures\GrantInvoke.gif 424760 C:\Users\Admin\Documents\ReadConvertTo.xla 2744493 C:\Users\Admin\Pictures\GrantUnprotect.tif 327672 C:\Users\Admin\Pictures\HideSync.gif 266992 C:\Users\Admin\Pictures\InitializeSearch.bmp 388352 C:\Users\Admin\Pictures\InstallUpdate.cr2 315536 C:\Users\Admin\Pictures\LimitClear.svg 485440 C:\Users\Admin\Documents\Recently.docx 11533 C:\Users\Admin\Documents\RenameResize.pps 1155576 C:\Users\Admin\Pictures\LockReset.crw 449032 C:\Users\Admin\Pictures\NewResize.crw 582528 C:\Users\Admin\Pictures\PublishWatch.dib 594664 C:\Users\Admin\Pictures\PushFormat.ico 570392 C:\Users\Admin\Searches\Everywhere.search-ms 248 C:\Users\Admin\Searches\Indexed Locations.search-ms 248 C:\Users\Admin\Pictures\PushWrite.gif 351944 C:\Users\Admin\Pictures\RenameInitialize.dxf 461168 C:\Users\Admin\Documents\RepairUninstall.xml 1444470 C:\Users\Admin\Pictures\RequestPop.crw 376216 C:\Users\Admin\Pictures\ResizeUnpublish.ico 279128 C:\Users\Admin\Pictures\ResolveEnable.svgz 230584 C:\Users\Admin\Pictures\RestartSuspend.svgz 509712 C:\Users\Admin\Pictures\SelectUnpublish.emz 473304 C:\Users\Admin\Pictures\SendProtect.png 218448 C:\Users\Admin\Pictures\SplitMount.bmp 412624 C:\Users\Admin\Pictures\WaitRequest.emz 339808 C:\Users\Admin\Pictures\WatchRename.wmf 436896 C:\Users\Admin\Documents\ResizeFind.vsdx 3900009 C:\Users\Admin\Pictures\WatchUninstall.svgz 497576 C:\Users\Admin\Documents\RestartSearch.pub 1877811 C:\Recovery\44e79742-8b20-11ea-a722-f2e765a3a928\Winre.wim 169213970 C:\Users\Admin\Documents\StartUnblock.xml 2455599 C:\Users\Admin\Documents\SuspendMeasure.mhtml 2600046 C:\Users\Admin\Documents\SwitchMove.html 1300023 C:\Users\Admin\Documents\These.docx 11462 C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml 2424 C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi 2503680 C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml 1450 C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi 1992192 C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi 2513920 C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml 4274 C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml 1450 C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab 16972987 C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab 9958388 C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab 36233052 C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml 1608 C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi 2506240 C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml 1565 C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml 2296 C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms 715834 C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi 873984 C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml 1383 C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi 868864 C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml 811 C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab 14819276 C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml 5884 C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi 2865664 C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml 3186 C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml 4207 C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab 2928955 C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml 2362 C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab 43806141 C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi 2503680 C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml 1606 C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab 4095519 C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi 2522624 C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml 1800 C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPlusWW.msi 27195904 C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi 2507776 C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml 913 C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml 1452 C:\MSOCache\All Users\{90140000-0011-0000-1000-0000000FF1CE}-C\ProPlusWW.xml 16850 C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi 868864 C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml 819 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml 596341 C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml 2624 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest 1857 C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab 17456632 C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml 1988 C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab 18874884 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab 14127746 C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi 3124224 C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml 1231 C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml 1852 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi 3702272 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml 5557 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi 868864 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml 819 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm 27195 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm 67190 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml 9352 C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST 3584

Emails

[email protected]

Signatures

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1492	2020-05-22_17-36-19.bin.exe
1236	chrome.exe
1688	chrome.exe
1688	chrome.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1852	NOTEPAD.EXE
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe

Interacts with shadow copies 2 TTPs 13 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1107

Inhibit System Recovery

T1490

pid	Process
2028	vssadmin.exe
1704	vssadmin.exe
1760	vssadmin.exe
1568	vssadmin.exe
2024	vssadmin.exe
1328	vssadmin.exe
1180	vssadmin.exe
1604	vssadmin.exe
1924	vssadmin.exe
992	vssadmin.exe
1868	vssadmin.exe
1832	vssadmin.exe
760	vssadmin.exe

Suspicious use of WriteProcessMemory 1023 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 992	1492	2020-05-22_17-36-19.bin.exe	24
PID 1492 wrote to memory of 992	1492	2020-05-22_17-36-19.bin.exe	24
PID 1492 wrote to memory of 992	1492	2020-05-22_17-36-19.bin.exe	24
PID 1492 wrote to memory of 992	1492	2020-05-22_17-36-19.bin.exe	24
PID 1492 wrote to memory of 1704	1492	2020-05-22_17-36-19.bin.exe	28
PID 1492 wrote to memory of 1704	1492	2020-05-22_17-36-19.bin.exe	28
PID 1492 wrote to memory of 1704	1492	2020-05-22_17-36-19.bin.exe	28
PID 1492 wrote to memory of 1704	1492	2020-05-22_17-36-19.bin.exe	28
PID 1492 wrote to memory of 1760	1492	2020-05-22_17-36-19.bin.exe	30
PID 1492 wrote to memory of 1760	1492	2020-05-22_17-36-19.bin.exe	30
PID 1492 wrote to memory of 1760	1492	2020-05-22_17-36-19.bin.exe	30
PID 1492 wrote to memory of 1760	1492	2020-05-22_17-36-19.bin.exe	30
PID 1492 wrote to memory of 1868	1492	2020-05-22_17-36-19.bin.exe	32
PID 1492 wrote to memory of 1868	1492	2020-05-22_17-36-19.bin.exe	32
PID 1492 wrote to memory of 1868	1492	2020-05-22_17-36-19.bin.exe	32
PID 1492 wrote to memory of 1868	1492	2020-05-22_17-36-19.bin.exe	32
PID 1492 wrote to memory of 1832	1492	2020-05-22_17-36-19.bin.exe	34
PID 1492 wrote to memory of 1832	1492	2020-05-22_17-36-19.bin.exe	34
PID 1492 wrote to memory of 1832	1492	2020-05-22_17-36-19.bin.exe	34
PID 1492 wrote to memory of 1832	1492	2020-05-22_17-36-19.bin.exe	34
PID 1492 wrote to memory of 760	1492	2020-05-22_17-36-19.bin.exe	36
PID 1492 wrote to memory of 760	1492	2020-05-22_17-36-19.bin.exe	36
PID 1492 wrote to memory of 760	1492	2020-05-22_17-36-19.bin.exe	36
PID 1492 wrote to memory of 760	1492	2020-05-22_17-36-19.bin.exe	36
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	38
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	38
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	38
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	38
PID 1492 wrote to memory of 1180	1492	2020-05-22_17-36-19.bin.exe	40
PID 1492 wrote to memory of 1180	1492	2020-05-22_17-36-19.bin.exe	40
PID 1492 wrote to memory of 1180	1492	2020-05-22_17-36-19.bin.exe	40
PID 1492 wrote to memory of 1180	1492	2020-05-22_17-36-19.bin.exe	40
PID 1492 wrote to memory of 1604	1492	2020-05-22_17-36-19.bin.exe	42
PID 1492 wrote to memory of 1604	1492	2020-05-22_17-36-19.bin.exe	42
PID 1492 wrote to memory of 1604	1492	2020-05-22_17-36-19.bin.exe	42
PID 1492 wrote to memory of 1604	1492	2020-05-22_17-36-19.bin.exe	42
PID 1492 wrote to memory of 1568	1492	2020-05-22_17-36-19.bin.exe	44
PID 1492 wrote to memory of 1568	1492	2020-05-22_17-36-19.bin.exe	44
PID 1492 wrote to memory of 1568	1492	2020-05-22_17-36-19.bin.exe	44
PID 1492 wrote to memory of 1568	1492	2020-05-22_17-36-19.bin.exe	44
PID 1492 wrote to memory of 1924	1492	2020-05-22_17-36-19.bin.exe	46
PID 1492 wrote to memory of 1924	1492	2020-05-22_17-36-19.bin.exe	46
PID 1492 wrote to memory of 1924	1492	2020-05-22_17-36-19.bin.exe	46
PID 1492 wrote to memory of 1924	1492	2020-05-22_17-36-19.bin.exe	46
PID 1492 wrote to memory of 2024	1492	2020-05-22_17-36-19.bin.exe	48
PID 1492 wrote to memory of 2024	1492	2020-05-22_17-36-19.bin.exe	48
PID 1492 wrote to memory of 2024	1492	2020-05-22_17-36-19.bin.exe	48
PID 1492 wrote to memory of 2024	1492	2020-05-22_17-36-19.bin.exe	48
PID 1492 wrote to memory of 2028	1492	2020-05-22_17-36-19.bin.exe	50
PID 1492 wrote to memory of 2028	1492	2020-05-22_17-36-19.bin.exe	50
PID 1492 wrote to memory of 2028	1492	2020-05-22_17-36-19.bin.exe	50
PID 1492 wrote to memory of 2028	1492	2020-05-22_17-36-19.bin.exe	50
PID 1492 wrote to memory of 1816	1492	2020-05-22_17-36-19.bin.exe	52
PID 1492 wrote to memory of 1816	1492	2020-05-22_17-36-19.bin.exe	52
PID 1492 wrote to memory of 1816	1492	2020-05-22_17-36-19.bin.exe	52
PID 1492 wrote to memory of 1816	1492	2020-05-22_17-36-19.bin.exe	52
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	59
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	59
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	59
PID 1492 wrote to memory of 1328	1492	2020-05-22_17-36-19.bin.exe	59
PID 1688 wrote to memory of 1952	1688	chrome.exe	63
PID 1688 wrote to memory of 1952	1688	chrome.exe	63
PID 1688 wrote to memory of 1952	1688	chrome.exe	63
PID 1688 wrote to memory of 2020	1688	chrome.exe	64
PID 1688 wrote to memory of 2020	1688	chrome.exe	64
PID 1688 wrote to memory of 2020	1688	chrome.exe	64
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 2028	1688	chrome.exe	65
PID 1688 wrote to memory of 1236	1688	chrome.exe	66
PID 1688 wrote to memory of 1236	1688	chrome.exe	66
PID 1688 wrote to memory of 1236	1688	chrome.exe	66
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 644	1688	chrome.exe	67
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 1680	1688	chrome.exe	68
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 600	1688	chrome.exe	69
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1516	1688	chrome.exe	71
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 1616	1688	chrome.exe	72
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2420	1688	chrome.exe	74
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2468	1688	chrome.exe	75
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2504	1688	chrome.exe	76
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2880	1688	chrome.exe	77
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2924	1688	chrome.exe	78
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2940	1688	chrome.exe	79
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 2960	1688	chrome.exe	80
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 3028	1688	chrome.exe	81
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2160	1688	chrome.exe	82
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2144	1688	chrome.exe	83
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2332	1688	chrome.exe	84
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2364	1688	chrome.exe	85
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2476	1688	chrome.exe	86
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 2516	1688	chrome.exe	87
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3040	1688	chrome.exe	90
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3064	1688	chrome.exe	91
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92
PID 1688 wrote to memory of 3024	1688	chrome.exe	92

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeBackupPrivilege	1148	vssvc.exe
Token: SeRestorePrivilege	1148	vssvc.exe
Token: SeAuditPrivilege	1148	vssvc.exe
Token: SeIncreaseQuotaPrivilege	1816	wmic.exe
Token: SeSecurityPrivilege	1816	wmic.exe
Token: SeTakeOwnershipPrivilege	1816	wmic.exe
Token: SeLoadDriverPrivilege	1816	wmic.exe
Token: SeSystemProfilePrivilege	1816	wmic.exe
Token: SeSystemtimePrivilege	1816	wmic.exe
Token: SeProfSingleProcessPrivilege	1816	wmic.exe
Token: SeIncBasePriorityPrivilege	1816	wmic.exe
Token: SeCreatePagefilePrivilege	1816	wmic.exe
Token: SeBackupPrivilege	1816	wmic.exe
Token: SeRestorePrivilege	1816	wmic.exe
Token: SeShutdownPrivilege	1816	wmic.exe
Token: SeDebugPrivilege	1816	wmic.exe
Token: SeSystemEnvironmentPrivilege	1816	wmic.exe
Token: SeRemoteShutdownPrivilege	1816	wmic.exe
Token: SeUndockPrivilege	1816	wmic.exe
Token: SeManageVolumePrivilege	1816	wmic.exe
Token: 33	1816	wmic.exe
Token: 34	1816	wmic.exe
Token: 35	1816	wmic.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Windows directory 63 IoCs

description	ioc	Process
File created	C:\Windows\ehome\CreateDisc\Components\tables\absthr_0.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\alloc_1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\1cb1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\1th0.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\2cb2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\6c3e7934e9e70d0fb2dfeb3af2325793\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\f29b02fec13315ab58a997da84d42d39f8d01a1d.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\2th1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\046b70de3a2fd676d807d11bedad4dcd\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SoftwareDistribution\Download\f29b02fec13315ab58a997da84d42d39f8d01a1d.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\2cb1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\Boot\PCAT\bootmgr.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\1cb0.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\1cb1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\1th1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\alloc_1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\Panther\setupinfo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\absthr_0.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\absthr_2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\alloc_0.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\Boot\DVD\PCAT\BCD.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\1th2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\enwindow.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\1cb2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\2cb0.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\2cb1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\dewindow.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SoftwareDistribution\Download\d881ecfb1357f383d18f1e4fd0554eb0\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\Boot\DVD\EFI\BCD.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\absthr_1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SoftwareDistribution\Download\31babaaa45cee9a47acba0207c097502\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\alloc_2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\alloc_2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\alloc_3.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\1cb0.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\2cb2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\2th0.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\31babaaa45cee9a47acba0207c097502\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\absthr_1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SoftwareDistribution\Download\499e9f34ae4b5b02c752dc8920c033aa\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\1th0.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\alloc_0.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SoftwareDistribution\Download\046b70de3a2fd676d807d11bedad4dcd\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\1cb2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\2th2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\2th2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\alloc_3.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\enwindow.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\d881ecfb1357f383d18f1e4fd0554eb0\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SoftwareDistribution\Download\499e9f34ae4b5b02c752dc8920c033aa\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SoftwareDistribution\Download\6c3e7934e9e70d0fb2dfeb3af2325793\cbshandler\state.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\Panther\setupinfo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\1th1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\1th2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\2cb0.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\2th0.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\ehome\CreateDisc\Components\tables\2th1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\absthr_2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ehome\CreateDisc\Components\tables\dewindow.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357.corona-lock	2020-05-22_17-36-19.bin.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 0f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad09000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703091400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded31d000000010000001000000096f98b6e79a74810ce7d398a82f977780b000000010000000e000000430065007200740075006d0000000300000001000000140000006252dc40f71143a22fde9ef7348e064251b181182000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob = 1900000001000000100000000b6cd9778e41ad67fd6be0a6903710440300000001000000140000006252dc40f71143a22fde9ef7348e064251b181180b000000010000000e000000430065007200740075006d0000001d000000010000001000000096f98b6e79a74810ce7d398a82f977781400000001000000140000006daa9b0987c4d0d422ed4007374d19f191ffded309000000010000003e000000303c06082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030806082b060105050703090f00000001000000140000001e427a3639cce4c27e94b1777964ca289a722cad2000000001000000100300003082030c308201f4a0030201020203010020300d06092a864886f70d0101050500303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d204341301e170d3032303631313130343633395a170d3237303631313130343633395a303e310b300906035504061302504c311b3019060355040a1312556e697a65746f2053702e207a206f2e6f2e311230100603550403130943657274756d20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ceb1c12ed34f7ccd25ce183e4fc48c6f806a73c85b51f89bd2dcbb005cb1a0fc7503ee81f088ee2352e9e615338dac2d09c576f92b398089e4974b90a5a878f873437ba461b0d858cce16c667e9cf3095e556384d5a8eff3b12e3068b3c43cd8ac6e8d995a904e34dc369a8f818850b76d964209f3d795830d414bb06a6bf8fc0f7e629f67c4ed265f10260f084ff0a45728ce8fb8ed45f66eee255daa6e39bee4932fd947a072ebfaa65bafca533fe20ec69656116ef7e966a926d87f9553ed0a8588ba4f29a5428c5eb6fc852000aa680ba11a85019cc446638288b622b1eefeaa46597ecf352cd5b6da5df748331454b6ebd96fcecd88d6ab1bda963b1d590203010001a3133011300f0603551d130101ff040530030101ff300d06092a864886f70d01010505000382010100b88dceefe714bacfeeb044926cb4393ea2846eadb82177d2d4778287e6204181eee2f811b763d11737be1976241c041a4ceb3daa676f2dd4cdfe653170c51ba6020aba607b6d58c29a49fe63320b6be33ac0acab3bb0e8d309518c1083c634e0c52be01ab66014276c32778cbcb27298cfcdcc3fb9c8244214d657fce62643a91de58090ce0354283ef73fd3f84ded6a0a3a93139b3b142313639c3fd1872779e54c51e301ad855d1a3bb1d57310a4d3f2bc6e64f55a5690a8c70e4c740f2e713bf7c847f4696f15f2115e831e9c7c52aefd02da12a8596718dbbc70dd9bb169ed80ce8940486a0e35ca29661521942ce8602a9b854a40f36b8a24ec06162c73	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	chrome.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	chrome.exe

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_metadata\computed_hashes.json	chrome.exe

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1852	NOTEPAD.EXE

Deletes itself 1 IoCs

pid	Process
1328	cmd.exe

Modifies service 2 TTPs 4 IoCs

persistence

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer	vssvc.exe

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1"	2020-05-22_17-36-19.bin.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\System32\LogFiles\Scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Windows\System32\LogFiles\Scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9.corona-lock	2020-05-22_17-36-19.bin.exe

Adds Run entry to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\Run	2020-05-22_17-36-19.bin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSFEEditor = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\2020-05-22_17-36-19.bin.exe\" e"	2020-05-22_17-36-19.bin.exe

Enumerates connected drives 3 TTPs

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Drops file in Program Files directory 824 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Mozilla Firefox\precomplete.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Toronto.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Menominee.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guyana.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\New_York.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Thule.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\classlist.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\PST8PDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Barbados.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Managua.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\release.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Belize.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nome.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Recife.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Mozilla Firefox\removed-files.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\blacklist.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Matamoros.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Chicago.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Denver.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Creston.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\EST.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\CST6CDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cancun.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\WET.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\EST5EDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Araguaina.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\LICENSE.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\master_preferences.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Noronha.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\classlist.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boise.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\tzmappings.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Halifax.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Antigua.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Curacao.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Juneau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MST.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Barbados.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Moncton.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\New_York.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\GMT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\EET.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thule.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cancun.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\London.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Moncton.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\HST.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Bahia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Caracas.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Detroit.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Maceio.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Merida.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Regina.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Panama.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\LICENSE.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\CET.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Godthab.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\meta-index.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\master_preferences.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Adak.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MET.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\COPYRIGHT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\cacerts.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Belem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Bogota.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Lima.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MST7MDT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Resolute.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\meta-index.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Havana.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Managua.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Dawson.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayman.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Merida.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santiago.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Montreal.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nassau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\release.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Sitka.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Manaus.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Atikokan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guyana.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Martinique.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santarem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.corona-lock	2020-05-22_17-36-19.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.corona-lock	2020-05-22_17-36-19.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.corona-lock	2020-05-22_17-36-19.bin.exe

C:\Users\Admin\AppData\Local\Temp\2020-05-22_17-36-19.bin.exe
"C:\Users\Admin\AppData\Local\Temp\2020-05-22_17-36-19.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Drops file in Windows directory
- System policy modification
- Drops file in System32 directory
- Adds Run entry to start application
- Drops file in Program Files directory
PID:1492
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=c: /on=c: /maxsize=401MB
  2⤵
  - Interacts with shadow copies
  PID:992
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=c: /on=c: /maxsize=unbounded
  2⤵
  - Interacts with shadow copies
  PID:1704
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=d: /on=d: /maxsize=401MB
  2⤵
  - Interacts with shadow copies
  PID:1760
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=d: /on=d: /maxsize=unbounded
  2⤵
  - Interacts with shadow copies
  PID:1868
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=e: /on=e: /maxsize=401MB
  2⤵
  - Interacts with shadow copies
  PID:1832
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=e: /on=e: /maxsize=unbounded
  2⤵
  - Interacts with shadow copies
  PID:760
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=f: /on=f: /maxsize=401MB
  2⤵
  - Interacts with shadow copies
  PID:1328
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=f: /on=f: /maxsize=unbounded
  2⤵
  - Interacts with shadow copies
  PID:1180
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=g: /on=g: /maxsize=401MB
  2⤵
  - Interacts with shadow copies
  PID:1604
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=g: /on=g: /maxsize=unbounded
  2⤵
  - Interacts with shadow copies
  PID:1568
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=h: /on=h: /maxsize=401MB
  2⤵
  - Interacts with shadow copies
  PID:1924
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Resize ShadowStorage /for=h: /on=h: /maxsize=unbounded
  2⤵
  - Interacts with shadow copies
  PID:2024
- C:\Windows\SysWOW64\vssadmin.exe
  vssadmin.exe Delete Shadows /All /Quiet
  2⤵
  - Interacts with shadow copies
  PID:2028
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic.exe SHADOWCOPY /nointeractive
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1816
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2020-0~1.EXE >> NUL
  2⤵
  - Deletes itself
  PID:1328

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
- Modifies service
PID:1148

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README_LOCK.TXT
1⤵
- Suspicious use of FindShellTrayWindow
- Opens file in notepad (likely ransom note)
PID:1852

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- Drops Chrome extension
PID:1688
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=81.0.4044.129 --initial-client-data=0xa4,0xa8,0xac,0x78,0xb0,0x7fef66ebd28,0x7fef66ebd38,0x7fef66ebd48
  2⤵
  PID:1952
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=1928 --on-initialized-event-handle=352 --parent-handle=356 /prefetch:6
  2⤵
  PID:2020
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1076 --ignored=" --type=renderer " /prefetch:2
  2⤵
  PID:2028
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Modifies system certificate store
  PID:1236
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
  2⤵
  PID:600
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2792 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1404 --ignored=" --type=renderer " /prefetch:2
  2⤵
  PID:2504
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4008 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2880
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4076 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4028 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2940
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4108 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4172 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:3028
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4352 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2160
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=4340 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3972 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3940 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1464 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3504 --ignored=" --type=renderer " /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,5025793382944344297,13817387903702670012,131072 --disable-gpu-compositing --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1
  2⤵
  PID:3024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File Deletion

T1107

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

memory/600-29-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-108-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-117-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-124-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-116-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-113-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-16-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/600-112-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-27-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-82-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-109-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-121-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-105-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-104-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-101-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-100-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-97-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-96-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-93-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-92-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-89-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-88-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-86-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/600-83-0x000000000A2C0000-0x000000000A2D1000-memory.dmp

Filesize
68KB

Download
memory/644-214-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-226-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-216-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-215-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-235-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-213-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-212-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-211-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-210-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-187-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-186-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-185-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-184-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-183-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-182-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-181-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-180-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-179-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-178-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-177-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-176-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-175-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-174-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-173-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-172-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-171-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-234-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-170-0x0000000009BB0000-0x0000000009BC1000-memory.dmp

Filesize
68KB

Download
memory/644-169-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-8-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/644-233-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-232-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-231-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-230-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-218-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-219-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-229-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-228-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-220-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-227-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-221-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-222-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-217-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-225-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-223-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/644-224-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1492-0-0x0000000002E4B000-0x0000000002E4C000-memory.dmp

Filesize
4KB

Download
memory/1492-1-0x0000000004510000-0x0000000004521000-memory.dmp

Filesize
68KB

Download
memory/1516-118-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-150-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-98-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-99-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-87-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-85-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-102-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-103-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-84-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-81-0x0000000009A80000-0x0000000009A91000-memory.dmp

Filesize
68KB

Download
memory/1516-106-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-107-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-80-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-30-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-110-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-111-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-166-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-167-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-114-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-115-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-168-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-91-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-94-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-157-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-90-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-123-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-120-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-95-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-165-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-164-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-163-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-156-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-155-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-162-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-161-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-160-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-159-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-146-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-147-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-148-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-149-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-158-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-151-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-152-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-153-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1516-154-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1616-139-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1616-137-0x0000000009F10000-0x0000000009F21000-memory.dmp

Filesize
68KB

Download
memory/1616-119-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/1680-73-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-47-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-77-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-76-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-12-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/1680-24-0x0000027000040000-0x0000027000041000-memory.dmp

Filesize
4KB

Download
memory/1680-75-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-74-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-72-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-71-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-70-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-69-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-68-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-67-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-66-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-65-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-64-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-63-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-62-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-61-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-60-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-59-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-58-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-57-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-56-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-34-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-35-0x0000000009D90000-0x0000000009DA1000-memory.dmp

Filesize
68KB

Download
memory/1680-36-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-37-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-38-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-39-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-40-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-41-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-42-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-43-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-44-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-45-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-55-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-54-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-53-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-52-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-51-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-50-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-49-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-48-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-78-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1680-46-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1688-240-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-243-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-203-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-248-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-276-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-275-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-274-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-272-0x00000000218A0000-0x00000000218C3000-memory.dmp

Filesize
140KB

Download
memory/1688-245-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-268-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-251-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-256-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-242-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-241-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-250-0x000000001A8B0000-0x000000001A8D3000-memory.dmp

Filesize
140KB

Download
memory/1688-239-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/1688-237-0x000000001F860000-0x000000001F871000-memory.dmp

Filesize
68KB

Download
memory/2028-4-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2028-5-0x0000000077600000-0x0000000077601000-memory.dmp

Filesize
4KB

Download
memory/2028-3-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2144-207-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2160-205-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2332-271-0x0000000007FA0000-0x0000000007FB1000-memory.dmp

Filesize
68KB

Download
memory/2332-246-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2364-254-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2420-141-0x0000000009810000-0x0000000009821000-memory.dmp

Filesize
68KB

Download
memory/2420-144-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2420-143-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2420-127-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2420-145-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2468-130-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2476-260-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2504-135-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2516-277-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/2516-263-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2880-189-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2924-192-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2940-194-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/2960-198-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/3024-286-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/3040-280-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download
memory/3064-283-0x000000013FE40FC0-0x000000013FE41110-memory.dmp

Filesize
336B

Download