36bbb22a967bc33031ccd6502f2163cc7e4c2460c462880e150e2470e9b6c2b6

Analysis

max time kernel
151s
max time network
44s
platform
windows7_x64
resource
win7v200430
submitted
31/05/2020, 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ransom.bin.exe
Size

82KB
MD5

50a8eaf7e9aacf554862a4dd4a44f70f
SHA1

81fce02871932bbc6811fb955471ff90b5f29190
SHA256

adc2f5649973f922dc8294df91c63303870178c8a6839c1a9e8c9e4c4516bfd0
SHA512

416e15f6dc1e25c867011a90645775c6a30add95578082b19950641e28a22bd8c049b5f8c02d5d7514e6b5db0e646e91995b09ea3a58ab7bce9726e60a9f2cf4

Score

10^/10

ransomware persistence

Malware Config

Extracted

Path

C:\Users\Admin\ReadMe.txt

Ransom Note

What happend for my computer? All your files are encrypted due a security issue in your computer. What should i do? You have 48 hours to email us.Otherwise, the decryption price will increase or become impossible. Your email must contain your unique id and the unique key. your unique id is 7CA96E25 your unique key is lpT6xs/T+Zq0oYiLS2jjlUOifOZ5ojRhxH/Hx1W0Z4W4sO14SvNwla8/sh3zoTH09fYFmYwpUreQE0jZP7wGCsEVVmf939uzvwo1qleBRp3h5ELef1ednrDCdqxfUJntx9p62FxTk9uADlkuWeaZMEpyPoCa4xlXDe9AOFz2ccUpFkkrJ4+pOK8wM4JUx4Nr1hRbpF26jt79kOfAECr/THKVm47oiVIg+ANrGEGaRWTy1gE5HsZxxqjqdrDGcGnOol0A6oFdbIZ8z+mDwe9o1KD3VOzdlHFfxJ5tBuz5Gd6Xn0vMZcQnqLn5hi6q4bA7tkcfF/KqOyHzUP5JpIQ33KXmC82IYt+S/jzjEUhsV6URTGKEkP2KwQvcSrIdsPzGK7SVTcNiMmT4vMHdOXptRXIk8o2geiliuWdl1+9pJ2NC3CelH29gNPcgeSj2uiHuLOciRNHPOqRNrNYGgfU9JqZaMWfYyVI1jdNUPgneLC+kXyL7at3SGvDgoobNMvOwsBX0PK3yrxH5MAFuKSyglkgeKlKwsV+783GkO3QLCsHjYqaZfunsaxlG2SNitw+HvRmjEBYHwLk9LlopnCUCv3FjpKNTW5chMotImS0zjnZlgw96hZEC+wirdxFlyr+D9UVbUwpEoxFuE/KIQ7W+wI4FcalUO/tktSzRnOv08Cc= Email Address: [email protected] If you didn't recive any response till 24 hours,Send email to this address: [email protected] What is our guarantee? We decrypt two files for you Free to be sure that we are able to recover your files.

Emails

[email protected]

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1516	ransom.bin.exe

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 1032	1516	ransom.bin.exe	25
PID 1516 wrote to memory of 1032	1516	ransom.bin.exe	25
PID 1516 wrote to memory of 1032	1516	ransom.bin.exe	25
PID 1516 wrote to memory of 1792	1516	ransom.bin.exe	28
PID 1516 wrote to memory of 1792	1516	ransom.bin.exe	28
PID 1516 wrote to memory of 1792	1516	ransom.bin.exe	28
PID 1516 wrote to memory of 1820	1516	ransom.bin.exe	31
PID 1516 wrote to memory of 1820	1516	ransom.bin.exe	31
PID 1516 wrote to memory of 1820	1516	ransom.bin.exe	31

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1516	ransom.bin.exe
Token: SeBackupPrivilege	1840	vssvc.exe
Token: SeRestorePrivilege	1840	vssvc.exe
Token: SeAuditPrivilege	1840	vssvc.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ransom.exe	ransom.bin.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ransom.exe	ransom.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\info.hta	ransom.bin.exe

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1107

Inhibit System Recovery

T1490

pid	Process
1748	vssadmin.exe

Drops file in Program Files directory 5661 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CACH.LEX	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft.NET\RedistList\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\MSB1ENES.ITS	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightRegular.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\tpcps.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\v8_context_snapshot.bin	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sk.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOICONS.EXE	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe.config	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-5	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_super.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FBIBLIO.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.INF	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup-impl.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxC	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_is.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\La_Paz	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Bold.otf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Resolute	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Source Engine\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.htm	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\localedata.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\EQUATION\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Portal\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaenum.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Curacao	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif	ransom.bin.exe
File opened for modification	C:\Program Files\ImportRevoke.xsl	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\logo.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\ODeploy.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jce.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Halifax	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boise	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok	ransom.bin.exe
File opened for modification	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_up.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\setting_back.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.WIH	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\bn.pak	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\eventlog_provider.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Bissau	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santiago	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\gadget.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ssv.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_pt-PT.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\trusted.libraries	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FSTOCK.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\swiftshader\libGLESv2.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAProject.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Lima	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk	ransom.bin.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Bahia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\networkinspection.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\release	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_uk.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.ui_1.1.200.v20130626-2037.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\it.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-compat.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Data1.cab	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.jpg	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_da.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\81.0.4044.129.manifest	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ssvagent.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIBUtils.dll	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Web Folders\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Samara	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kolkata	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msaddsr.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_iw.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Moncton	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\GMT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_issue.gif	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONLNTCOMLIB.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ICE.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.htm	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\submission_history.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\uk.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OSETUPUI.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\sk.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Chicago	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PDDom.api	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\WTSP61MS.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings_0.10.200.v20140424-2042.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Services\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\eula.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\fil.pak	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\AddIns.store	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-4	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSDecWrp.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateOnDemand.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\sqmapi.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fi.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Help\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Paris	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\am.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcfr.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\classlist	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\notification_helper.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\bod_r.TTF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_all.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\LICENSE	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\chrome.VisualElementsManifest.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Resource.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\splash.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\USP10.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\oledbjvs.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\System.AddIn.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\MsMpLics.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrmstp.exe	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome_200_percent.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_lv.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\Microsoft.Ink.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui_3.106.0.v20140812-1751.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\SYMBOL.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OPTINPS.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\psfontj2d.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Godthab	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\iedvtool.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\oisctrl.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\wab32.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guatemala	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TextConv\Wks9Pxy.cnv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Thule	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\SoftBlue.jpg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Belem	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\javafx.policy	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Hand Prints.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pidgenx.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sendopts.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Inuvik	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ms.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\logsession.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Chihuahua	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdate.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\wab32res.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\meta-index	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado20.tlb	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\swiftshader\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\VVIEWRES.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar	ransom.bin.exe
File created	C:\Program Files\7-Zip\Lang\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Google\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll	ransom.bin.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\TextFile.zip	ransom.bin.exe
File opened for modification	C:\Program Files\TestFind.m4v	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.rll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Denver	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-options.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\1.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\settings.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\fonts\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\MpAsDesc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\Install\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\desktop.ini	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZY______.PFB	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPNSSUI.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\St_Johns	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_hu.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoViewer.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\icon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssLogo.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPMediaSharing.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\micaut.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\mr.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\icon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\tnameserv.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\ext\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\ConvertToEnable.3g2	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\default_apps\docs.crx	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\default_apps\youtube.crx	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\management-agent.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pencht.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\en-US\sbdrop.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ar.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Montreal	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_EN.LEX	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Extensions\external_extensions.json	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\content-types.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\java.security	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Antigua	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT632.CNV	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.INF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\Logo.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\msvcr100.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jli.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\IRIS.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_On.png	ransom.bin.exe
File created	C:\Program Files (x86)\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\EST	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\PST8PDT	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Peacock.htm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png	ransom.bin.exe
File created	C:\Program Files\Common Files\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msdaprst.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v10.0.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\blacklist	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmplayer.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\MSB1FRAR.ITS	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Bogota	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guyana	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAClientPkgUI.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\MSOERES.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\en-US.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg	ransom.bin.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\pt-PT.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penkor.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Roses.jpg	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_nl.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\row_over.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Havana	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\CompleteMeasure.vsw	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.ELM	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\bg.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\abcpy.ini	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\BREEZE.ELM	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\classlist	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\pl.pak	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msadox.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\pack200.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome.exe.sig	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipBand.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ms.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Accra	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\corner.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_down.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\oledb32r.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\MAPISHELLR.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_left.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\d3dcompiler_47.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\add_reviewer.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ml.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java_crw_demo.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Wallis	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\eBook.api	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.cer	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msader15.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\jaccess.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Maceio	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Toronto	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfig.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaps.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Troll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jpeg.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\WebKit.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sl.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\LoginForm.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\SIGNUP\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\RIPPLE.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadcf.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\management\jmxremote.access	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\AXIS.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_over.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\pdm.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadcfr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome_elf.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_cs.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWDWG.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ja.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadcor.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dt_socket.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPLACE.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\setup.swf	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Orange Circles.htm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MST	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\gu.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_h.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\npt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.api	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\th.pak	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Macau	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Temp\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\HST	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\DirectDB.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\SettingsInternal.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\networkinspection.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\wabimp.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Salta	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Soft Blue.htm	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_en.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\3.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\icudtl.dat	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\XDPFile_8.ico	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\hxdsui.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\SUMIPNTG.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado21.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\rtscom.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\LogoDev.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\psmachine_64.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\icon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdate.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Moncton	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\WISC30.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\WET	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\IACOM2.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\WT61ES.LEX	ransom.bin.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwgst.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Services\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_right.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\lt.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_vi.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javacpl.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\EURO\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jfr.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.INF	ransom.bin.exe
File created	C:\Program Files\Java\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\ImagingDevices.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CRT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ko.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\logo.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MOFL.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\flyout.css	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Stanley	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\fr.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\kn.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msadox28.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\PhotoAcq.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\j2pcsc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\setup_wm.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\wabmig.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\MEIPreload\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sv.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\charsets.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jvm.hprof.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\sunmscapi.dll	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\WinMail.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_FR.LEX	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\BHOINTL.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\installer.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png	ransom.bin.exe
File created	C:\Program Files\Common Files\System\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\splashscreen.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.HostAdapter.v10.0.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_48.jpg	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\gadget.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MET	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\images\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.CSD	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dataset.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\xmlrw.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.ds_1.4.200.v20131126-2331.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javafx-iio.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_id.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jfxwebkit.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\accessibility.properties	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\zh-TW.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jdwp.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\adojavas.inc	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationTypes.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jfr\default.jfc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik	ransom.bin.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\da.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Oslo	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateCore.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\EmptyDatabase.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TextConv\WPFT532.CNV	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSLaunch.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\Words.pdf	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\cursors.properties	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\flyoutBack.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java-rmi.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadco.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\UTC	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ResourceInternal.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig.companion.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\net.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\calendars.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSORES.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\16-on-black.gif	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdatl3.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\manifest.json	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\bin\server\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\en-US\msader15.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\7-Zip\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jfxrt.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\elevation_service.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fil.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Buenos_Aires	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Currie	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\local_policy.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\InkObj.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ru.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRdIF.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\STUDIO.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\OCLTINT.DLL	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\IEShims.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\vi.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\msoe.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\VSTARemotingServer.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jfxmedia.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3C25.tmp\GoogleUpdateSetup.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpenc.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\management.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santarem	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\cpu.js	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\IA32.api	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_hov.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\TableTextService.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\JSByteCodeWin.bin	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\weblink.api	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Merida	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\open_original_form.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\xmlrwbin.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multiview.xml	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation_1.2.100.v20131119-0908.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\deploy.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\hprof.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\picturePuzzle.css	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\tzmappings	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PROFILE.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\el.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Yakutat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\81.0.4044.129\81.0.4044.129_chrome_installer.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado27.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ml.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\libxslt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\rt.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUS\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Portable Devices\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SplashScreen.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\verify.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_lt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLPROXY.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_bn.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\VBAOWS10.CHM	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-disable.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_m.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Edmonton	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpnssci.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\HLS.api	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\logo.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBE7INTL.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\keytool.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome.dll.sig	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PPSLAX.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_floating.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\ended_review_or_form.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\tr.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUAUTH.CAB	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\extensibility.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\PipelineSegments.store	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prcr.x3d	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\cpu.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_rest.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Madrid	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fontconfig.bfc	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\NETWORK.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ahclient.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\CET	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Prague	ransom.bin.exe
File opened for modification	C:\Program Files\ConfirmSend.pcx	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Detroit	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\README.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UDT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\glib-lite.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-ui_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_te.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\New_York	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\81.0.4044.129\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHEV.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\trash.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\MEIPreload\manifest.json	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AppConfigurationInternal.zip	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jabswitch.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msxactps.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OWSSUPP.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\rmid.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\security\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Manila	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\London	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ko.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolui100.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Athens	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\JOURNAL.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.ITS	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VBA\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville	ransom.bin.exe
File created	C:\Program Files\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Brussels	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaprsr.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\SmallLogoBeta.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome_100_percent.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\currency.data	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\chrome.7z	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NAME.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3C25.tmp\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\tesselate.x3d	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\RenderingControl.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdatt.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\es-419.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\VSTAClientPkg.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.CMP	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.jpg	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado28.tlb	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\desktop.ini	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.swf	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Extensions\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Atikokan	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OSETUP.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-attach.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\COPYRIGHT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\CANYON.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v9.0.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\lv.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Tallinn	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmplayer.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\CST6CDT	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateSetup.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\default_apps\external_extensions.json	ransom.bin.exe
File created	C:\Program Files\Common Files\System\MSMAPI\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nipigon	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\zipfs.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\SATIN.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\Install\{790FB95E-131F-4B1A-93CD-438F382AB794}\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Rome	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchobj.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr	ransom.bin.exe
File opened for modification	C:\Program Files\ConfirmCopy.csv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jni.h	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Recife	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\libEGL.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jawt.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm.api	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\PROOF\MSWDS_ES.LEX	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+3	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\flavormap.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\sqlxmlx.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\LogoBeta.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\jvm.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\alt-rt.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateComRegisterShell64.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee90.tlb	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ca.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\default_apps\drive.crx	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\LogoCanary.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ro.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Regina	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\MSTAG.TLB	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_hi.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMCCore.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_kn.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msjro.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\id.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tarawa	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1XTOR.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Urumqi	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_over.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Internet Explorer\SIGNUP\install.ins	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\VBE6EXT.OLB	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Denver	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Jamaica	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nassau	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPWEC.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jsound.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\QUAD.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Sydney	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadcer.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\pt-BR.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\CodeFile.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar	ransom.bin.exe
File opened for modification	C:\Program Files\MountRequest.rmi	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_el.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dili	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\BLUEPRNT.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\REFINED.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg	ransom.bin.exe
File opened for modification	C:\Program Files\ExpandTrace.vssx	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\DESIGNER\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\MakeAccessible.api	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\AssemblyInfoInternal.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\UserControl.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\te.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Services\verisign.bmp	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\CsiSoap.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Office.Contract.v10.0.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\SetUse.vstx	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.AddInAdapter.v9.0.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_gu.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msadrh15.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\PROOF\MSLID.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwLatin.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\eula.ini	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\SmallLogoDev.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\resources.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\wsdetect.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\swiftshader\libEGL.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\VVIEWER.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\EST5EDT	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\NamedURLs.HxK	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.LTS	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\promointl.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\images\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Vancouver	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Malta	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ARCTIC.INF	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\journal.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\msaddsr.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\System\MSMAPI\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_divider_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jsoundds.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png	ransom.bin.exe
File opened for modification	C:\Program Files\UnlockConfirm.edrwx	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STP	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PAPYRUS.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OneNoteSyncPC.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_down.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipres.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\glass.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ur.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_orange.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ca.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-ui.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Creston	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUS\ProPlusWW.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfoInternal.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.jpg	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\unpack.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.INF	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmpnssci.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\README.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\pdm.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Barbados	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Sitka	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\AUTHZAX.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PIXEL.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_et.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_bg.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\sunec.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\PROOF\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icudt36.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\WATER.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\xmlrwbin.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_docked.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\F12Tools.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\servertool.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\DW\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_right.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RICHED20.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Martinique	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_es-419.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdasqlr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\THEMES.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.LIC	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Settings.zip	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\EmptyDatabase.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\psmachine.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penchs.dll	ransom.bin.exe
File created	C:\Program Files (x86)\WindowsPowerShell\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AssemblyInfo.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonUp_Off.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaurl.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\fi.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dcpr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Port_Moresby	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-4.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jp2iexp.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\plugin.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPDMCCore.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Whitehorse	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT	ransom.bin.exe
File opened for modification	C:\Program Files\StopRevoke.xsl	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\gadget.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\amd64\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\STSUPLD.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\management\snmp.acl.template	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\msdaremr.dll.mui	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_en-GB.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\XmlFile.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Shades of Blue.htm	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Form.zip	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\1033\PortalConnect.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\LICENSE	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Caracas	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\sbdrop.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\MSOSVINT.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\MpOAV.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPWEC.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\Download\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\D3DCompiler_47.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IMCONTACT.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Asuncion	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\sr.pak	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPDMC.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\wlsrvc.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider_left.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmpnssui.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\pkeyconfig-office.xrm-ms	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\WindowsAccessBridge-64.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Moscow	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FRAR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\resources.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\F12.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ja.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\STSUPLD.INTL.DLL	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\rt3d.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdater.cer	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\SPRING.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ktab.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{790FB95E-131F-4B1A-93CD-438F382AB794}\81.0.4044.129_chrome_installer.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\klist.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\settings.ini	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\_platform_specific\win_x64\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_it.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.Blueprints.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.ITS	ransom.bin.exe
File created	C:\Program Files\Common Files\System\wab32.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\Welcome.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\nio.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.ELM	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\SettingsInternal.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\icon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\eula.rtf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\BOLDSTRI.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kwajalein	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\WMPMediaSharing.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Chita	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\awt.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\Microsoft.VisualStudio.Tools.Applications.DesignTime.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1CORE.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\1.3.35.452\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\jsprofilerui.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.rll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\SKY.INF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_pt-BR.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-Regular.otf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_h.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\DismountWait.edrwx	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\icon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Perth	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jfr\profile.jfc	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RTC.der	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\chrome_watcher.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\MpClient.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayenne	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Tell_City	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\resources.pak	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_hr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\VBAJET32.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Conversion.v3.5.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\imap.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateBroker.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\nb.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Belize	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\logging.properties	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.msi	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Nome	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\TURKISH.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\meta-index	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\zh-CN.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\jsdbgui.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\prism-d3d.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument.v9.0.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msdaremr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateHelper.msi	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\SmartTagInstall.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar	ransom.bin.exe
File opened for modification	C:\Program Files\ExpandRequest.bmp	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\LICLUA.EXE	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_h.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia	ransom.bin.exe
File created	C:\Program Files\Microsoft Analysis Services\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_no.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\DiagnosticsTap.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_up.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan	ransom.bin.exe
File opened for modification	C:\Program Files\RenameSend.pptm	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fa.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\psfont.properties.ja	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadce.dll	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\sw.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OFFREL.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FDATE.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Juneau	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Araguaina	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaorar.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OPHPROXY.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Tijuana	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\hu.pak	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Installer\setup.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\settings.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Perth	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.SYX	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ro.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Module.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpshare.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_zh-TW.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\EET	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\init.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_rest.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\OrangeCircles.jpg	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Class.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_right.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\sunec.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\setup.ini	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\avtransport.xml	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Oral	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\InkDiv.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.AddInAdapter.v9.0.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_es.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENES\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.core_3.5.0.v20120725-1805.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado26.tlb	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\he.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Amman	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\picturePuzzle.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado15.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_mr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.APL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\ta.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search.api	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\psuser.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SaveAsRTF.api	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\ieproxy.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\adovbs.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaws.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\zip.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Baku	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RICHED20.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\LAYERS.ELM	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ResourceInternal.zip	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFPrevHndlr.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\FREN\WT61FR.LEX	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\mpvis.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_settings.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\gadget.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\sound.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\instrument.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_settings.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msadomd.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Monaco	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadds.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\t2k.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_sw.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_bottom_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Riga	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tl.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\adcjavas.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cancun	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSPTLS.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\EDGE.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Interface.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\en-GB.pak	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\fa.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\iedvtool.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\release	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-H	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDFFile_8.ico	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\AFTRNOON.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayman	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\SLATE.ELM	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_de.dll	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Cairo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jp2ssv.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ar.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\hxdsui.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\de.pak	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\STSUCRES.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\oeimport.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jfr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\RMNSQUE.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdasc.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\unpack200.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\wmlaunch.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square_h.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\SmallLogoCanary.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MUOPTIN.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\mpvis.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jaas_nt.dll	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AboutBox.zip	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\orbd.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Monterrey	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUS\SETUP.XML	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\WATERMAR.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\logo.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\javaws.policy	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\digest.s	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_over.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Panama	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.HostAdapter.v10.0.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\Client.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\handler.reg	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\BLUECALM.INF	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\jsdbgui.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Office.Word.AddInAdapter.v9.0.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\libGLESv2.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\ie9props.propdesc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\PublicAssemblies\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msdarem.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\EXPEDITN.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\cmm\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\DataSet.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_bottom.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_settings.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Stars.htm	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\MDIParent.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7	ransom.bin.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\java.policy	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft.NET\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\jfr\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Noronha	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\default_apps\gmail.crx	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\Revert.wmz	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\VisualElements\SmallLogo.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\meta-index	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\SONORA.ELM	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh89	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\VSTARemotingServer.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msadcs.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jsdt.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_pressed.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\hr.pak	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\UserControl.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jp2launcher.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penjpn.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.ELM	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\es.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Gambier	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\cs.pak	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DVA.api	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\et.pak	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\slideShow.css	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_bottom.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\STINTL.DLL.IDX_DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msado25.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\hxdsui.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\OWSHLP10.CHM	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\msdaorar.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\MpAsDesc.dll.mui	ransom.bin.exe
File created	C:\Program Files\Microsoft Analysis Services\AS OLEDB\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EET	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kathmandu	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.ths	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\_platform_specific\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\psuser_64.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\ext\dnsns.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_th.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\sidebar.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\javaws.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Miquelon	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_disabled.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\acro20.lng	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\BLENDS.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\kcms.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\net.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\INDUST.ELM	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\STSCOPY.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml	ransom.bin.exe
File opened for modification	C:\Program Files\SwitchClear.eps	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8PDT	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.INF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fontconfig.properties.src	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\Client.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\icon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Anchorage	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\mip.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Smart Tag\FPERSON.DLL	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VGX\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\LEVEL.ELM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchui.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\MpEvMsg.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\master_preferences	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-9	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msador15.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_pressed.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\handsafe.reg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\MEIPreload\preloaded_data.pb	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.DLL	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ta.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\INLAUNCH.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\libxml2.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200430124749.pma	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml	ransom.bin.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSSOAP30.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\management\management.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\drag.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\kinit.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ENFR\MSB1ENFR.ITS	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.Tools.Applications.Project.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\VSTAProjectUI.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_m.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Menominee	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe	ransom.bin.exe
File opened for modification	C:\Program Files\RequestLock.search-ms	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\WMPDMC.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zx______.pfm	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Managua	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.Adapter.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Tegucigalpa	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\vstoee100.tlb	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\mlib_image.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1STAR.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\decora-sse.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\STRTEDGE.INF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png	ransom.bin.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\settings.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\default_apps\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javafx-font.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Dawson	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\Visualizer.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.ssl_1.0.0.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Matamoros	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\xmlrw.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\nl.pak	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Manila	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\System\MSMAPI\1033\MSMAPI32.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\cacerts	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Microsoft Office\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-It.otf	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\en-US\Sidebar.exe.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png	ransom.bin.exe
File created	C:\Program Files\Java\jre7\bin\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL	ransom.bin.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_zh-CN.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\fontmanager.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Pontianak	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations_2.4.0.v20131119-0908.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Syowa	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\nacl_irt_x86_64.nexe	ransom.bin.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_distributed.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\msdbg2.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\APIFile_8.ico	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_fr.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_rest.png	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\RADIAL.ELM	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jp2native.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInSideAdapters\Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\SubsetList\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Microsoft.Ink.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\management\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\hi.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Thawte Root Certificate.cer	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_pl.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\calendar.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\en-US\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\UCT	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\LICENSE	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dt_shmem.dll	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF	ransom.bin.exe
File created	C:\Program Files (x86)\Google\Chrome\Application\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml	ransom.bin.exe
File opened for modification	C:\Program Files\SelectExpand.pptx	ransom.bin.exe
File created	C:\Program Files\Common Files\System\wab32res.dll	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\activity16v.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\glass.dll	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Class.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml	ransom.bin.exe
File opened for modification	C:\Program Files\SuspendHide.ppsm	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\oledbvbs.inc	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\CASCADE.INF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\jsse.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\SetupMetrics\20200430125146.pma	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_ru.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\javafx.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Green Bubbles.htm	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Manaus	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_tr.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\gadget.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\HandPrints.jpg	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.events_3.0.0.draft20060413_v201105210656.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\F12Tools.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Mail\wabfind.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.IDX	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\msadcor.dll.mui	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Adak	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\TextConv\MSCONV97.DLL	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\EVRGREEN.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Phoenix	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.35.452\goopdateres_am.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\setup_wm.exe.mui	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-dock.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OSetupPS.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\MST7MDT	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\sv.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\settings.js	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\AppConfigInternal.zip	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\CAPSULES.INF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml	ransom.bin.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-api.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\fxplugins.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml	ransom.bin.exe
File created	C:\Program Files\DVD Maker\offset.ax	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png	ransom.bin.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Montevideo	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	ransom.bin.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.129\Locales\sl.pak	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar	ransom.bin.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\en-US\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\ReadMe.txt	ransom.bin.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png	ransom.bin.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\bin\rmiregistry.exe	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12	ransom.bin.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5	ransom.bin.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar	ransom.bin.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\ReadMe.txt	ransom.bin.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\CoolType.dll	ransom.bin.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\System\ado\msadomd28.tlb	ransom.bin.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca	ransom.bin.exe

Drops desktop.ini file(s) 38 IoCs

description	ioc	Process
File created	C:\Users\Admin\Saved Games\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Links\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Downloads\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Desktop\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Documents\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Videos\Sample Videos\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Favorites\Links\desktop.ini	ransom.bin.exe
File created	C:\Program Files\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Music\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Favorites\Links for United States\desktop.ini	ransom.bin.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Desktop\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Videos\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Music\Sample Music\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Ringtones\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Favorites\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Contacts\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Pictures\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Pictures\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Music\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	ransom.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	ransom.bin.exe
File created	C:\Program Files (x86)\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Searches\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Videos\desktop.ini	ransom.bin.exe
File created	C:\Users\Admin\Documents\desktop.ini	ransom.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	ransom.bin.exe
File created	C:\Users\Public\Downloads\desktop.ini	ransom.bin.exe

Modifies service 2 TTPs 15 IoCs

persistence

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\UI	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5}	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\Shas	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\Qecs	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\LocalConfig	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\Enroll\HcsGroups	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\napagent\LocalConfig\UI	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\LocalConfig	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\ASR Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\Shas	netsh.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\Qecs	netsh.exe

C:\Users\Admin\AppData\Local\Temp\ransom.bin.exe
"C:\Users\Admin\AppData\Local\Temp\ransom.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Drops startup file
- Drops file in Program Files directory
- Drops desktop.ini file(s)
PID:1516
- C:\Windows\system32\cmd.exe
  "cmd.exe"
  2⤵
  PID:1032
- - C:\Windows\system32\netsh.exe
    netsh.exe netsh advfirewall set currentprofile state off
    3⤵
    - Modifies service
    PID:1524
- C:\Windows\system32\cmd.exe
  "cmd.exe"
  2⤵
  PID:1792
- - C:\Windows\system32\netsh.exe
    netsh.exe netsh firewall set opmode mode=disable
    3⤵
    - Modifies service
    PID:1784
- C:\Windows\system32\cmd.exe
  "cmd" /C vssadmin Delete Shadows /All /Quiet
  2⤵
  PID:1820
- - C:\Windows\system32\vssadmin.exe
    vssadmin Delete Shadows /All /Quiet
    3⤵
    - Interacts with shadow copies
    PID:1748

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
- Modifies service
PID:1840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

File Deletion

T1107

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact