1d28929f9b02c36ab2c65f916eb2d3b4bd36957c1dee8144a70d51d99d1da9d8

Resubmissions

14/06/2020, 05:31

200614-naxxd61ea6 8

Analysis

max time kernel
277s
max time network
283s
platform
windows7_x64
resource
win7v200430
submitted
14/06/2020, 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

github.exe
Size

26KB
MD5

bdd14abd6825eb1c3c4b1c71d65a637c
SHA1

a88c9f6cf48c95356a8bc339ef64497127f881a9
SHA256

1d28929f9b02c36ab2c65f916eb2d3b4bd36957c1dee8144a70d51d99d1da9d8
SHA512

8e22bc72091af2e3a931d06bb6fa2e106618784379dd9ea988654c34232104533a50b2e0125650585424a94fa2d4cdf54590ffdbc0c4d66b57a3b647a4e77eb3

Score

8^/10

persistence spyware evasion trojan

Malware Config

Signatures

Drops file in Program Files directory 2569 IoCs

description	ioc	Process
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\vlc16x16.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01245_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme23.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\statictext.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\executivereport.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\menu_arrow.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgchkbrd.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\deploy\ffjcext.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01221k.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01838_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\macroprogress.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\babyblue\header.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office32.ww\office32ww.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_cn_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\executiveletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-host-remote.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb00703l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\median.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir9f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\desert\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\velvetrose.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme17.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir4f.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\bg.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382961.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0390072.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\office classic 2.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14793_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir51b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\dadshirt.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\interface.zip	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\en-us\js\calendar.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\springgreen\button.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_alignright.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\country.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\smart tag\metconv.txt	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\huecycle\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0202045.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0386267.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14980_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\medianresume.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_filehigh.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01253_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.office.businessdata.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir33b.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\stationery\bears.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00170_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\slipstream.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\line.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgboxes.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\az.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\zh-cn.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15061_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\lime\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\capsules\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme21.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\springgreen\button.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\axis\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21312_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_velvetrose.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl095.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\clock.gadget\en-us\css\clock.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\settings.zip	github.exe
File opened for modification	\??\c:\program files\7-zip\history.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-sendopts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0177806.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21314_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\swirl.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office32.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\module.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightyellow\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.se.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-cli.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\office 2.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\lime.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\maroon.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formshomepagestyle.css	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\currency.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-options.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00103_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01297_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15156_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.jp.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\foldproj.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\jvm.hprof.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-settings.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21307_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir24f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\groovedocumentreview\inactivetabimage.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\journal\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-views.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099189.jpg	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\oriel.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115863.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\oasis.css	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\js\common.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\onenote\sendtoonenote-pipelineconfig.xml	github.exe
File opened for modification	\??\c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\subsetlist\client.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ast.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099193.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341645.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\rtf_underline.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0384900.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir49f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\slate.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\canyon\preview.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\ripple\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\bin\server\xusage.txt	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\jvm.hprof.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099152.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme07.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\formsviewattachmenticons.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10337_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\button_mid_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\orielreport.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\jvmti.h	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-text.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099185.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01255g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02748g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\apothecaryresume.dotx	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\en-us\boxed-correct.avi	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14830_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir36b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\americana.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projectstatusicons.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\internet explorer\en-us\eula.rtf	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382938.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14801_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_groove.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\form_edit.js	github.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.5\redistlist\frameworklist.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\fy.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10268_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightorange\tab_on.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\xmlfile.zip	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\clock.gadget\en-us\js\clock.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0314068.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115841.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir42f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\biscay\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\cashreg.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projecttool\project report type\fancy\minus.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn103.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-autoupdate-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir7b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir46b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\softblue\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099154.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\graycheck\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\submit.js	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\copying.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\thirdpartylicensereadme-javafx.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\accessweb\servwrap.asp	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\babyblue\button.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\whitebox.jpg	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\buttons.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\envelope.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\status.xml	github.exe
File opened for modification	\??\c:\program files\windows media player\network sharing\connectionmanager.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\powerpoint.en-us\powerpointmui.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\jawt.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099156.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10335_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\outlinetooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\cpu.gadget\en-us\js\cpu.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-swing-outline.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0387895.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02077_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir00.gif	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_lightspirit.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\textview.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_adobe.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099186.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\thatch.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\slerror.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\graycheck\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgmarq.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\images\144dpi\(144dpi)alerticon.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgnavbar.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\studio\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\angles.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir20f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_off.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\class.zip	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\form.zip	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\blueprnt\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-multiview.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\view.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\withcomp.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\access.en-us\accessmui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\couture.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_greentea.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\verisign\components\verisign_class_3_public_primary_ca.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\add.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\fax\medianfax.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\other-48.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382957.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\wordirm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\logindialogbackground.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\talk21.com.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\jungle.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01300_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15035_.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ms.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099198.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme12.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\messagehistoryiconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.es.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\button_right.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\j0115856.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\modern.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl020.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgad.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\blog.dotx	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\canyon\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02736g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\grid.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme03.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\attention.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-multitabs.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00161_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14516_.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\currency.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\videowall\203x8subpicture.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-javahelp.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-host.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099202.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_bold.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00040_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143749.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\civic.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\macroprogress.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl089.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01931j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_center.gif	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\back-48.png	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\da.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\aftrnoon\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14833_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\reminder.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\lime.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14711_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\addtoviewarrow.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\en-us\css\cpu.css	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\specialoccasion\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\thirdpartylicensereadme.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\trek.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15135_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\whoosh.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_texturedblue.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\originmergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-selector-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0289430.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10301_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15056_.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-attach.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00129_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\whistling.wav	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe\updater6\adobeaum_rootcert.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\ospp.vbs	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\launch.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sr-spc.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0144773.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\picturestooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00142_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_premium.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\validation.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\button_right.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\teal.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\pushpin.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14996_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\americana\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme09.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme52.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl027.xml	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\vignette\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-templates.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03205i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21305_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme39.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\elemental.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\mmhmm.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.no.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\sts2.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\graycheck\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\office word 2003 look.dotx	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\ricepapr\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-netbeans-modules-queries.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0384888.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\sts2\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sq.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\bd19563_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341551.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21343_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\stationery\bears.jpg	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ug.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proofing.en-us\proofing.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145707.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\slipstream.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir35f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143754.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\id.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21400_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21413_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgpquot.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\adjacencyletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winxptsframe.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir29f.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\images\on_desktop\slideshow_glass_frame.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\layers\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14529_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\prottpln.ppt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\cascade\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\satin\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21342_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\desert.css	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\win32_linknodrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\black tie.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir30f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\infopathom\infopathomformservices\microsoft.office.infopath.xml	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\images\bg-desk.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\arctic\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\orielletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\sts2\background.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\assemblyinfointernal.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\sts2\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\groove.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-api-search.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifierdownarrow.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\attachments.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_increaseindent.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sk.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-jmx.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143745.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl092.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir6f.gif	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\thanks.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ru.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-masterfs-nio2.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\couture.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\xlcprtid.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir7f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme49.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsviewattachmenticons.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\texturedblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\stopicon.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl105.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-favorites.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02897j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir47b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00130_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21377_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\verisignlogo.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl082.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\network\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\thirdpartylicensereadme.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme29.css	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\smalllogo.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\evrgreen\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-io-ui.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-sampler.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\lt.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\win32_copydrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115834.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\break.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_underline.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\clock.gadget\en-us\css\clock.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01843_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb00673l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir43f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\camera.wav	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\office classic.xml	github.exe
File opened for modification	\??\c:\program files (x86)\mozilla maintenance service\logs\maintenanceservice-install.log	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\clock.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\subsetlist\client.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\americana.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\button_left.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl087.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\adjacencymergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\softblue.css	github.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\winfxlist.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\en-us\js\highdpiimageswap.js	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\en-us\css\localizedsettings.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\infopath.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02053j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl081.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\urbanreport.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\js\controllers.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\tabon.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\pixel\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\profile\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15057_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formshomepagescript.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_alignleft.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\deepblue\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\calendar\globebuttonimage.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21324_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions_response.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir5f.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\add.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\cpu.gadget\images\back.png	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\babyboy\babyblue.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02740g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01740_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir6f.gif	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\oldage\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightyellow\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\xml files\startertooltemplates.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn048.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\onenote.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-loaders.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099195.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme05.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0287641.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn110.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\greentea.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\class.zip	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\evrgreen\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\iris\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15023_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\exlirmv.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145895.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\adjacencyresume.dotx	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\nl.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\swirl\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\oasis\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\cpu.gadget\en-us\css\cpu.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir15f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\invite.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-api-visual.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099187.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143743.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14753_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\softblue\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14756_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_contactlow.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl078.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00057_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14829_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\slate\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\button_left.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl110.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\spring\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\grid.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn020.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\apothecarynewsletter.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01213k.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\alarm.wav	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\custom.lua	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\greentea.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\postcard.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178639.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\swirl.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme43.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir31b.gif	github.exe
File opened for modification	\??\c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\redistlist\frameworklist.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382958.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21299_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir32f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_olivegreen.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\softblue\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14870_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme10.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\groove.net\components\signedcomponents.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_slateblue.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\springgreen\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_texturedblue.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0384895.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0400004.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme30.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir50f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341554.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\urban.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\swirl.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\utilityfunctions.js	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\en-us\js\slideshow.js	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\hu.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10253_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14792_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\access12.acc	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\readme.txt	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe air\versions\1.0\adobe root certificate.cer	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\radial\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0287645.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14531_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21366_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn096.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145272.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145361.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme01.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\radio.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\mdiparent.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgpiccap.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\aspect.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14532_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightyellow.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\graycheck\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn027.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21295_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme33.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_country.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\installer\chrome.7z	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\emptydatabase.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_premium.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\submit.js	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\currency.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\hi.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\access.en-us\accessmuiset.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-nodes.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\metro.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-snaptracer.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir45f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\launch.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\nl.rogers.com.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgmain.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb00760l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.pl.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn108.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341455.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02214_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir1f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\utilityfunctions.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.nz.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14513_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14528_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15276_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows media player\media renderer\avtransport.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\black tie.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14754_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\unreadiconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\equityreport.dotx	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14883_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir18f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl026.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382927.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0387882.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_alignright.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\appconfiginternal.zip	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\grphflt\ms.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\ricepapr\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\lime\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_bullets.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\softblue\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\pacbell.net.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01238_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\babyblue\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\calendar\calendarviewbuttonimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\documentshare\wssfilestoolhomepagebackground.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\lime.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\mdiparent.zip	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\module.zip	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\babygirl\16_9-frame-background.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-api.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\win32_movenodrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0309664.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21322_.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-heapwalker.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\warn.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dglinacc.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\thatch.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_earthy.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\menu.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\el.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0313965.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02829j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_lightspirit.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\adobe.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0400003.png	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\en-us\css\settings.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\outlook.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\echo\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\watermar\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\layeredtitles\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-nodes.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme31.css	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\resource\typesupport\unicode\mappings\mac\centeuro.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-windows.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-startup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099165.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0287642.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\splashimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn109.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\vlm.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\mk.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00165_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0149018.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\graycheck\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme37.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\prottpln.xls	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\default.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00139_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14844_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\newsprint.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\skins\winamp2.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_choosecolor.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\graycheck\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\macroprogress.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\wind.wav	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\web\webbase.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-netbeans-modules-options-api.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10267_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21339_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.au.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\rssfeeds.gadget\images\16-on-black.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099188.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02028k.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\angles.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme55.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\groove.net\managedobjects\signedmanagedobjects.cer	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.office.businessapplications.runtime.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\cert.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\apothecaryletter.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\presentation designs\maple.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\slate\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_earthy.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\excel.en-us\excelmui.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-autoupdate-services.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00171_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\sts.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.hk.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\main\base.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\concrete\preview.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\sky\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15034_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21340_.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\ice\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00158_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir38f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.vn.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\apothecarymergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\velvetrose.css	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\browser\blocklist.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\sky\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\paper.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15172_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightyellow.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir10f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formshomepagescript.js	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\speaker-32.png	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\optional\readme.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-keyring.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14581_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14795_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir16f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir4b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\swirl\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14578_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14983_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21302_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme24.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir3f.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\currency.gadget\en-us\css\currency.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\readme.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00160_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_adobe.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_casual.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\desert.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\suction.wav	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21315_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\swirl\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme48.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\banner.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_formshomepageslice.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\rssfeeds.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0164153.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382965.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0400005.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21331_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_choosefont.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ps.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\indust\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightyellow.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\casual.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\velvetrose.css	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\resource\linguistics\languagenames2\displaylanguagenames.en_ca.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\thirdpartylicensereadme-javafx.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115836.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\flash.net.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\cpu.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341439.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341654.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21319_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl083.xml	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\textfile.zip	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\push\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\win32_movedrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir33f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir8b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn107.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\bd10972_.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\smart tag\lists\1033\stocks.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15018_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21306_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme50.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\document parts\1033\14\built-in building blocks.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\authors.txt	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\annotations\stamps\enu\dynamic.pdf	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\edge\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03041i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\can.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_groove.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\hammer.wav	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office.en-us\officemui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03143i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir40f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn065.xml	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\tracker\add_reviewer.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-sa.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143758.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\addins\msosec.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341653.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\nvbell.net.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\browse.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb01741l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir43f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_high.jpg	github.exe
File opened for modification	\??\c:\program files\windows media player\media renderer\avtransport.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\expeditn\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01268_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightyellow\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir1b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\meetingicon.jpg	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\pl.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03425i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21297_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143750.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\slate\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\blacktieresume.dotx	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\browser\visualelements\visualelements_70.png	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\assemblyinfo.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir7b.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\clock.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\images\on_desktop\slideshow_glass_frame.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\level\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-attach.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15185_.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\version.txt	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\mediacenter.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\images\1.png	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\explorer.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01301_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\rtf_choosefont.gif	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_flat_10_000000_40x100.png	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\mediacenter.gadget\js\main.js	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\gu.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099200.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-windows.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341499.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.kr.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.hk.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\thirdpartylicensereadme.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02082_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir10f.gif	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe air\versions\1.0\template.msi	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341328.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382942.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\solstice.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme25.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\sign.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl103.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-heapdump.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir6b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\desert\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\slate\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_bullets.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-keyring-impl.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14533_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21503_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.th.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir24f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifierdisableuparrow.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\springgreen.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-host-views.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\austin.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15133_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15134_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\oasis\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.jp.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099161.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightorange\button.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_decreaseindent.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\originmergefax.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\messageattachmenticonimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\lightspirit.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\calendar.xml	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\rssfeeds.gadget\images\16-on-black.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-execution.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir45f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir17f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21296_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\distinctive.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn102.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ro.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\waveform.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_client.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\network\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10290_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10307_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir37f.gif	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\uninstall\uninstall.log	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03014_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21504_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme22.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtktsframe.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\radar.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00172_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\horn.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\lightspirit.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\softblue\background.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14691_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14692_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21435_.gif	github.exe
File opened for modification	\??\c:\program files\openwait.rtf	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ca.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\eclipse\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\win32_copynodrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\clarity.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21325_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\chrome.visualelementsmanifest.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proplus\setup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178348.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14985_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\slate\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir9b.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\deepblue\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178632.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgaccbox.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\playlist.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01748_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02198_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\apothecary.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14871_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\sts2\tab_on.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\logo.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099168.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\groove.net\servers\relay.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_premium.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\form.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\seamarbl.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21310_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgsidebrv.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\form_statusimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\blacktieletter.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proplus\proplusww.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02750g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02106_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_premium.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\view.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\password.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn089.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\qp.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\equityresume.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\urbanresume.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341557.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir12f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn044.xml	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\firefox.visualelementsmanifest.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10219_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\offisupp.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\vibe.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\country.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_velvetrose.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01742_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14755_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_country.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\babyblue\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\click.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\heading.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\babyblue\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\win32_linkdrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03224i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\urban.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21398_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme13.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\bn.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\swirl\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\delete.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_alignright.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\softblue\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\clock.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-profiler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0148757.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\biscay.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightorange\background.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\settingsinternal.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-lib-profiler-ui.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\currency.gadget\en-us\css\currency.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\mactsframe.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382959.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143746.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21364_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\chimes.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.de.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\lv.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00176_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15173_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\rtf_spellcheck.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions_doc.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\fur.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\publisher.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00135_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formshomepagestyle.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\applause.wav	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ne.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0284916.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115839.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21328_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_italic.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115867.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\ipirm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\biscay\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00052_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\grip.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\messageboxiconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\attention.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\fi.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\babyblue\button.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir41f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\rogers.com.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\flyer.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\executive.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\adjacency.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme19.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\groovedocumentreview\activetabimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.xml	github.exe
File opened for modification	\??\c:\program files\checkpointassert.xlsx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\graycheck.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\americana\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\slate\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\orielmergefax.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\apex.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10263_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme35.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\originreport.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\perspective.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21519_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifierbackgroundrtl.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\viewby.gif	github.exe
File opened for modification	\??\c:\program files\internet explorer\timeline.cpu.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-oql.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\briefcaseicon.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn011.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-api-progress.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-util-enumerations.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-profiling.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir50f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\earthy.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382962.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir13f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir19f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\hiccup.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\addtoviewarrow.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\grphflt\ms.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\win32\bridge\accessbridgecallbacks.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15168_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir44f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir5f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15022_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21301_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir11f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\oasis\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\pinelumb.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir8b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl109.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\journal\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341559.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01751_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\arrow.png	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\nb.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme51.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\appconfig.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03379i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\simple.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\verisign\components\verisign_class_3_code_signing_2001-4_ca.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\pawprint.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01743_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01746_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\listbox.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\images\120dpi\(120dpi)alerticon.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0075478.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21344_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\prottplv.xls	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir45b.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\aboutbox.zip	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\eu.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ka.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-lib-profiler-common.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir27f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\unreadicon.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-io-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341475.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382947.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\sumipntg\preview.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\images\1.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\clarity.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14845_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\slate.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_bold.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\images\in_sidebar\bg_sidebar.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\austin.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21337_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightorange.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\horizon.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebad.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\win32_movenodrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0287644.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14580_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\originresume.dotx	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\pdfsigqformalrep.pdf	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe\updater6\adobeupdater.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0309598.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02116_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\save.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\maroon.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\program.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\essentialreport.dotx	github.exe
File opened for modification	\??\c:\program files\windows nt\tabletextservice\tabletextserviceamharic.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01734_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15170_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\throat.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn058.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-keyring-fallback.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\plug_ins\annotations\stamps\words.pdf	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178459.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0384862.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21433_.gif	github.exe
File opened for modification	\??\c:\program files\closerevoke.pdf	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\pets\notes_intro_bg.wmv	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\stacking\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099155.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145212.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\bomb.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\fax\urbanfax.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178932.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\buzz.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_country.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl090.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winxphandle.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115844.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\version.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382931.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01293_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14984_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\xml files\messenger.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\sonora\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-compat.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382968.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21321_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir44f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\image.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\springgreen\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\mediacenter.gadget\css\flyout.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382926.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0386764.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15059_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\calendar.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\sts2\tab_on.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\smalllogodev.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-explorer.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb00516l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\prottpln.doc	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifierbackground.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\ad.xml	github.exe
File opened for modification	\??\c:\program files\updateblock.crw	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099203.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0295241.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\error.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir35b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\textarea.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\be.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-api-annotations-common.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-explorer.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14565_.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\mediacenter.gadget\images\button_left_mousedown.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\numbers\numbase.xml	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\full\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\datalisticonimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifierdisabledownarrow.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_underline.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01246_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\thatch.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\babyblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\shovel.wav	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\logobeta.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\slate.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macgrey.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145904.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14997_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\slateblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir1b.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\th.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21535_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\premium.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir14f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_alignleft.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-autoupdate-cli.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-selector-api.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\essential.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\shared24x24images.jpg	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sa.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0146142.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\babyblue\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_justify.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\en-us\css\picturepuzzle.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\form_edit.js	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ta.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-text.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\dataviewiconimages.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\iris\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-modules.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-application-views.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\executive.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme14.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\readme.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21329_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\validation.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\delete.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21520_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\graycheck\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl086.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01243_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14791_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir46f.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\smalllogobeta.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_groove.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn081.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\clock.gadget\images\cronometer.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\aftrnoon\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\exlirm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.office.businessapplications.runtimeui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl075.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\main.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\sts.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\machandle.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-core-kit.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14514_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_adobe.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_spellcheck.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\groovedocumentreview\bodypanebackground.jpg	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\performance\720x480blacksquare.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winxpbluhandle.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01244_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.cn.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\technic.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10266_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\babyblue\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\person.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightorange\button.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02749g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme26.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\coupler.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\email.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\orielmergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14515_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightyellow\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir2f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl106.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\loginform.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-dialogs.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382963.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10255_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\informationicon.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\swirl\background.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office32.en-us\office32mui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14656_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir30b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_greentea.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\button_mid_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\sts2\header.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\hr.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\opulent.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\americana\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir30f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0315580.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_olivegreen.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\origin.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pptirmv.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir31f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme28.css	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\images\0.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\grphflt\ms.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proofing.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10297_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21316_.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\cs.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21527_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\webtooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\viewheaderpreview.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebcal.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\win32\jawt_md.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01770_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10308_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\publicfunctions.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn022.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21298_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\swirl\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\adjacencyreport.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0384885.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02069j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightyellow\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\biscay\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\br.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14769_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\button.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn086.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ga.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-execution.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21308_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\essentialletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143753.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn092.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ku.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\jni.h	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-util.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-application.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\oasis.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightyellow\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn001.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-api-caching.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\olivegreen.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\softblue\background.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme15.css	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\images\0.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0227419.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0287643.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\elegant.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\perspective.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\babyblue\button.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\rmnsque\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\flow.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\js\ui.js	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\papyrus\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\oriel.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_right.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\equitymergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\kk.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099201.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0175361.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\delete.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21294_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21434_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme54.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.in.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn097.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\water\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\sts2\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\commsincomingimagesmall.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\currency.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\ameritech.net.xml	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\install.log	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\blends\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0175428.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_slateblue.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0313970.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01745_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21313_.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\it.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\blueprnt\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\resizingpanels\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178460.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir49b.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\usercontrol.zip	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\capsules\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\hardcover.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\americana.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\concourse.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\horizon.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21399_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\rtf_bold.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir38f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl001.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\powerpoint.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382967.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir48b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\webtoolimages16x16.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\voltage.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\babyblue\header.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\satin\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00167_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099196.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382944.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_justify.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21336_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme34.css	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\logodev.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\edge\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099199.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0174952.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01839_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02218_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\reference assemblies\microsoft\framework\v3.0\winfxlist.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\form_edit.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl065.xml	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\rssfeeds.gadget\en-us\js\rssfeeds.js	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\16to9squareframe_buttongraphic.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382939.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21518_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\oasis\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_increaseindent.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\es.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00164_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\infopathom\microsoft.office.infopath.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir12f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_texturedblue.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\submit.js	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proof.es\proof.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\bluecalm\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-loaders.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15132_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\springgreen\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\fax\orielfax.dotx	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme44.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-swing-tabcontrol.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir27f.gif	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe\updater6\adobeupdate.cer	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0337280.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\babyblue\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgdots.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projecttool\project report type\fancy\hierarchy.js	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\resourceinternal.zip	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\gl.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\refined\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-windows.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir47f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\toot.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01292_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir34b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir49b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.fr.xml	github.exe
File opened for modification	\??\c:\program files (x86)\common files\speechengines\microsoft\tts20\en-us\enu-dsk\m1033dsk.crt	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\mobile.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\nn.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\arctic\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-masterfs.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\calendartooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\ct_roots.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\main.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir4f.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\he.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\lij.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\uk.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01219_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\spacebackupicons.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\addtoviewarrow.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_earthy.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl010.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\news.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\teal.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsviewattachmenticons.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winxpblue.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\bin\server\xusage.txt	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\invalid32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\medianreport.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-execution.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01750_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10302_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightorange\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\equitymergefax.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\executiveresume.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0216153.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0309705.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21427_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\bibliography\bibform.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_choosecolor.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\desert\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl044.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\greeting.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\settingsinternal.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\foundry.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\technic.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\desert\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\breeze\preview.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\slate\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\classfile_constants.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02073_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\springgreen\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.mx.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\blacktiemergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-progress-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0148309.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02412k.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir47f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_fileoff.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme02.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir33f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\checkbox.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.tw.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\desert\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgtoc.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\currency.gadget\images\activity16v.png	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\fa.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-editor-mimelookup-impl.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21335_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\j0115855.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10256_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formshomepagescript.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winxpblutsframe.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15272_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_pressed.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn002.xml	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\clock.gadget\images\cronometer.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\springgreen\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\alphabet.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\quad\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382952.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions_generic.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\essentialmergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145810.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10336_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\olkirm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme41.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sl.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099194.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\aspect.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\elphrg01.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\date.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02810j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14982_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21505_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\prodigy.net.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\en-us\js\picturepuzzle.js	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\images\144dpi\(144dpi)alerticon.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\compass\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-modules-appui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\attention.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\oasis\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\btinternet.net.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl102.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-threaddump.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02074_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14654_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115868.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_formshomepage.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21376_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir26f.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\rssfeeds.gadget\en-us\js\rssfeeds.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_slateblue.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02743g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02746g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01330_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15274_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01840_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir31f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir34f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\unformattednumeric.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\adjacency.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\sts2\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\notebook.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\outlperf.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir15f.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\pixel\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00169_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099147.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\origin.xml	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\memories\16_9-frame-background.png	github.exe
File opened for modification	\??\c:\program files\microsoft sync framework\v1.0\documentation\1033\license agreements\synchronizationeula.rtf	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\en-us\css\settings.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382925.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01237_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15060_.gif	github.exe
File opened for modification	\??\c:\program files\getpop.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-awt.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-jvmstat.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15273_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\babyblue.css	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\en-us\js\slideshow.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\button_right_over.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\mng.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\outlook.en-us\outlookmui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\metro.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10264_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pptirm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\premium.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\et.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\bd10890_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme04.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\shared16x16images.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\swirl\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\snet.net.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341561.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0387604.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10300_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir3b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir50b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14693_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21533_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\oasis\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projecttaskicon.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-coredump.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\prottplv.doc	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\letthead.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\resourceinternal.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_country.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.sg.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\spring\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341636.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382960.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15072_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir28b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl011.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\publisher.en-us\publishermui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0313896.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\form.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_groove.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\circleicons.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\arrow.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgcinfo.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgcoupon.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\oracle.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0177257.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01299_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\swirl\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\olivegreen.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgpunct.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\softblue.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\visualizer.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-spi-actions.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0400001.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21423_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\wssfilestooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgstory.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft.net\redistlist\assemblylist_4_extended.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\pt.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\va.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0313974.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir9f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir39f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\wans.net.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\calendar.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\usercontrol.zip	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\profile\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\newsprint.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21422_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir49f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_mid.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\images\in_sidebar\bg_sidebar.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15136_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\validation.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\originletter.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\uninstall.log	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\studio\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00004_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir44b.gif	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\idtemplates\enu\adobeid.pdf	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl012.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl111.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15058_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14594_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\springgreen.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme20.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\americana\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\deploy\splash.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\teal.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\fax\originfax.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn082.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\io.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\masterix.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01298_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\babyblue\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\calendar.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_lightspirit.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formtoolimages.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-options-api.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\apothecary.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14582_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21448_.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\axis\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341447.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14677_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\essentialresume.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgrepfrm.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\win32\bridge\accessbridgecalls.h	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099150.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14538_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\adobe.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\zh-tw.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02759j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\sneeze.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\infopathom\infopathomv12\microsoft.office.infopath.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\radial\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-nodes.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-options-keymap.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebref.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\codefile.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0234687.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\slateblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\utilityfunctions.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\xml files\starterapplicationdescriptors.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\earthy.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\brochure.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\gift.xml	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\sports\circlesubpicture.png	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\travel\16_9-frame-background.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00157_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0302953.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\computers\computericon.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_velvetrose.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\olivegreen.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\quad\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01304g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.office.interop.infopath.semitrust.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme06.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir41f.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\access.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02039_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\calendar.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\cascade\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382970.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme18.css	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\audio-48.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-spi-quicksearch.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00126_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0300520.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\urbanletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir3b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir7f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_adobe.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\lime\tab_off.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows nt\tabletextservice\tabletextserviceamharic.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core-output2.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb00531l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14866_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir6b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\sts.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14867_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14868_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\slateblue.css	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\flippage\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099190.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\module.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\babyblue.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\mng2.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\draghandle.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\generic.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl093.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\form.zip	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\cy.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\gradient.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_left.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01179j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14710_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\button_mid.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\casual.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph03380i.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir50b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\viewheaderpreview.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\dropins\readme.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-queries.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir8f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01747_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\softblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\sbcglobal.net.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\medianmergefax.dotx	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\hy.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0386485.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\oasis\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir2b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\viewselectionchanged.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0400002.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15021_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl002.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl022.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\groove.en-us\groovemui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099160.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.my.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl058.xml	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe\help\en_us\adobe reader\9.0\helpmap.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15155_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme38.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\graycheck.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\graycheck\tab_off.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\rssfeeds.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-lib-profiler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145879.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0386270.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir42f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.it.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099197.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir43b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\form.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn054.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\blacktienewsletter.dotx	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14579_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14981_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\commsoutgoingimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.id.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\wordirmv.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\desert\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\wordrep.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\judgesch.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\vi.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10254_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_right_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_hyperlink.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_hyperlink.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightorange\background.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\bizcard.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\an.txt	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\co.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\deploy\splash.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14768_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\orielresume.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\welcome tool\iconimages.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\expeditn\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\sonora\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifieruparrow.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_formshomepage.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\softblue\background.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ko.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02567j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme36.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\text.zip	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\currency.gadget\images\activity16v.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21480_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115864.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\response.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\spacer.gif	github.exe
File opened for modification	\??\c:\program files\invokeundo.pdf	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-tools.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0315612.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02752g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_lightspirit.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sr-spl.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir46b.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\splashscreen.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21370_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\swirl\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\pt-br.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\concrete\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-io.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143752.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proof.en\proof.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-modules-profiler-utilities.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\manuscript.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.ph.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\calendar.gadget\en-us\css\calendar.css	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\refined\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0315447.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14831_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15277_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\earthy.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-netbeans-core.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14882_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\casual.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme53.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_formshomepageblank.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\sectionheading.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382955.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14752_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\ipirmv.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\sts2\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir16f.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\word.en-us\wordmui.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\win32_linkdrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\groovedocumentreview\markupiconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\label.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\win32\bridge\accessbridgepackages.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341344.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341534.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14869_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgatnget.xml	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\smalllogocanary.png	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\rssfeeds.gadget\en-us\css\flyout.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\index.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb00780l.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21495_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\groove.net\servers\management.cer	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_increaseindent.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099192.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\view.js	github.exe
File opened for modification	\??\c:\program files (x86)\reference assemblies\microsoft\framework\v3.5\redistlist\frameworklist.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\af.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_center.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\springgreen.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projecttoolseticonimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgborder.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\tr.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\softblue\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\publicfunctions.js	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\images\blank.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341742.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21481_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\numeric.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.br.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099191.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21548_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\resource.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme32.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\viewdblclick.js	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\slideshow.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\commsincomingimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_formshomepageblank.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\push.wav	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382948.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21300_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21512_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme11.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\discussion\discussiontooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\zoomicons.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pg_index.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebsbr.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\kaa.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0302827.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\fancy.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_left_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\digitalink.jpg	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\rssfeeds.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\strtedge\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\internet explorer\en-us\eula.rtf	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0182689.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_bullets.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0309585.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\desert.css	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\assemblyinfointernal.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions_person.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir8f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\bg_formshomepageslice.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\mr.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\infopath.en-us\infopathmui.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\smart tag\lists\1033\dates.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\smart tag\lists\1033\time.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01294_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\resource\typesupport\unicode\mappings\win\cp1250.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightorange.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\texturedblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\fax\equityfax.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\win32_linknodrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14790_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_greentea.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_pressed.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\clock.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-print.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\lime\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\swirl\background.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl108.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_justify.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\kab.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14800_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\dataservices\+newsqlserverconnection.odc	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_italic.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\error.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\calendar.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winclassictsframe.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00021_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00175_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\hardcover.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382836.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01749_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15020_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir22f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\viewheaderpreview.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\rtf_pressed.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\springgreen\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\traditional.dotx	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\grphflt\ms.eps	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\moduleautodeps\org-openide-filesystems.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0227558.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\biscay\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\ice\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir37f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn095.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15073_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\explode.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\bizform.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\proof.fr\proof.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\profiler\config\modules\org-netbeans-lib-profiler-charts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01241_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\concourse.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\equity.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\sv.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiling.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\elemental.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\paper.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office.en-us\branding.xml	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\browser\visualelements\visualelements_150.png	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\sumipntg\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\places\laser.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\sts2\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\excel.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341448.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir28f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir23f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\menus.js	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\vlc-48.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382966.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\opulent.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\j0115876.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme08.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ar.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21338_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_left_disable.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\xml files\starternotificationdescriptors.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\picturepuzzle.gadget\en-us\css\picturepuzzle.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-editor-mimelookup.xml	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dissolveanother.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\composite.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\verve.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_medium.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\oasis\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-uihandler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02134_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\oasis.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.co.uk.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl096.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7tsframe.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099145.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0309567.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\biscay.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\type.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21309_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir21f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\outofsynciconimages.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\rmnsque\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-uisupport.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\lib\images\cursors\win32_copydrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099157.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10298_.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-swing-plaf.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\median.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir32f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl097.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01744_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\perspective.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\commsoutgoingimagesmall.jpg	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\ripple\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0178523.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14539_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_texturedblue.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_alignleft.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ky.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14655_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir29f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir51b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_choosecolor.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_velvetrose.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir3f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01296_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15169_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115843.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\dataservices\+connect to new data source.odc	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\calendar\calendartooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_center.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\en-us\css\localizedsettings.css	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\eo.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\tipsimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\btopenworld.com.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382969.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02085_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\attention.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formtoolimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\techtool.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\sts2.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir25f.gif	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_mid_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\whoosh.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\equityletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\verve.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14530_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15302_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21390_.gif	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21326_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.businessdata.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\giggle.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formtoolimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl077.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn075.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir36f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21365_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme16.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme46.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir29b.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\uz.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01239_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir5b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\swirl\background.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightorange\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\contact.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgbarbll.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\bd19582_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn105.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\papyrus\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\trek.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21304_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir46f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\sts2.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\embeddedview.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\swbell.net.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7handle.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00038_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0309480.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341738.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382930.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\executivemergeletter.dotx	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\appconfigurationinternal.zip	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01295_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143748.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02097_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10289_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_mid_disable.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgstoryvert.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\urbanmergefax.dotx	github.exe
File opened for modification	\??\c:\program files\7-zip\readme.txt	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\shatter\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\jvmticmlr.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15184_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightyellow\header.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\update\1.3.35.452\googleupdatehelper.msi	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\boldstri\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\flow.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0283209.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\rssfeeds.gadget\en-us\css\flyout.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_decreaseindent.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\button_mid.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00011_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01239k.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15171_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\rtf_choosefont.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0179963.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir32b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\taboff.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\rtf_decreaseindent.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn010.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\stationery\1033\currency.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\echo\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0387578.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21333_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir17f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir19f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\win32\bridge\accessbridgecalls.c	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph01046j.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115865.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd15301_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme27.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-charts.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\sketchpadtestschema.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\discussiontooliconimages.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\medianletter.dotx	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\dialog.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\graycheck.css	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\slideshow.gadget\images\blank.png	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\weather.gadget\images\120dpi\(120dpi)alerticon.png	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\en-us\js\cpu.js	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\compass\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir26f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir4b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\laser.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgzipc.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\composite.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\apex.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\splash.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl107.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgheading.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\win32_copynodrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir47b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\springgreen\button.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\lime\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir20f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\americana\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebhd.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\win32\jni_md.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00120_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0149118.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph00601g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir34f.gif	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir21f.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\is.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\thirdpartylicensereadme.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb02229_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\setup files\{ac76ba86-7ad7-1033-7b44-a90000000001}\acroread.msi	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-core.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21311_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\formsviewattachmenticons.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\oasis\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\waveform.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115866.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn090.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0341634.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\essential.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir45b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd14595_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme40.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir44b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_olivegreen.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\button_right_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.com.ar.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0216112.jpg	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\video-48.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-openide-actions.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.office.interop.infopath.xml.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\brightyellow\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl104.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgcal.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-sampler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\equity.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21332_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.ie.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\save.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14794_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21348_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\onenoteirm.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\discussion.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\search.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\biscay\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_earthy.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\si.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\blends\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00037_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15275_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21318_.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ja.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\layers\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21323_.gif	github.exe
File opened for modification	\??\c:\program files\dvd maker\shared\dvdstyles\rectangles\1047x576black.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightorange\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl016.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir48f.gif	github.exe
File opened for modification	\??\c:\program files\reference assemblies\microsoft\framework\v3.0\redistlist\frameworklist.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\yo.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\smart tag\lists\1033\phone.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\watermar\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099162.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21421_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00092_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd10358_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\drumroll.wav	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\mn.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02742g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\beige.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir35f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\logintool24x24images.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme42.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir1f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir39f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01242_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115842.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\error.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\launch.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\urbanmergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl048.xml	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\vlm_cmd.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\strtedge\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\pushpin.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\utilityfunctions.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightorange\button.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\infopathwelcomeimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\rtf_italic.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir51f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\datetime.jpg	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ku-ckb.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\level\preview.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01842_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21330_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_olivegreen.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\outlookautodiscover\yahoo.ca.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\medianmergeletter.dotx	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\readme.txt	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\calendar.gadget\en-us\css\calendar.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir9b.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\currency.gadget\en-us\js\currency.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00154_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145669.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ph02845g.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115835.gif	github.exe
File opened for modification	\??\c:\program files\startcompare.crw	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\breeze\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\solutions\document.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir11f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\save.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\things\shot.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\samples\solvsamp.xls	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\requests\playlist_jstree.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\j0115840.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\greentea.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme45.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir23f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\certificates\verisign\components\vs_componentsigningintermediate.cer	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\onenote.en-us\onenotemui.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\boldstri\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formshomepagestyle.css	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\images\folder-48.png	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\picturepuzzle.gadget\en-us\js\picturepuzzle.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\leftnav.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\foundry.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir48b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir5b.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-filesystems.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\biscay.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn111.xml	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\visualbasic\1033\dataset.zip	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099167.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd15019_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\questionicon.jpg	github.exe
File opened for modification	\??\c:\program files\videolan\vlc\lua\http\js\jquery.jstree.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\view.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgaccbar.xml	github.exe
File opened for modification	\??\c:\program files\connectstart.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-jvm.xml	github.exe
File opened for modification	\??\c:\program files\java\jre7\thirdpartylicensereadme-javafx.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir14f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\classic.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\defaultblackandwhite.dotx	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\indust\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10265_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21334_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dglogo.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\news.xml	github.exe
File opened for modification	\??\c:\program files\mozilla firefox\defaults\pref\channel-prefs.js	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\water\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00163_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14583_.gif	github.exe
File opened for modification	\??\c:\program files (x86)\google\chrome\application\81.0.4044.129\visualelements\logocanary.png	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\weather.gadget\en-us\js\highdpiimageswap.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubftscm\scheme47.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\quickstyles\formal.dotx	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\adobe.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\webpage.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\templates\1033\executivenewsletter.dotx	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\jre\lib\images\cursors\win32_movedrop32x32.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02187_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\validation.js	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\resource\enutxt.pdf	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145168.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02055_.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ext.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0145373.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0386120.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir43b.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\tt.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\j0143744.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14828_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir2f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\button_left_over.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projecttool\project report type\fancy\plus.gif	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\dataset.zip	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\pa-in.txt	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-modules-applemenu.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0148798.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightorange\background.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\prottplv.ppt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\lime\tab_on.gif	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\clock.gadget\en-us\js\clock.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winxpolive.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\visualvm\config\modules\com-sun-tools-visualvm-core.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\createspaceimage.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_auto.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebpqt.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14757_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\grooveformsmetadata.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\config\modules\org-netbeans-lib-uihandler.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir22f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_formshomepageblank.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\americana\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightyellow\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd14832_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\coin.wav	github.exe
File opened for modification	\??\c:\program files\7-zip\license.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\infopathom\infopathomformservices\infopathomformservicesv12\microsoft.office.infopath.xml	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\calendar.gadget\en-us\js\calendar.js	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\calendar.gadget\images\bg-desk.png	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\currency.gadget\en-us\js\currency.js	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightorange\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_greentea.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\brightorange\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgsidebr.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\desert\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd10299_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21482_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\slate\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir13f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\toolbmps\notifierclosebutton.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\publicfunctions.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\resume.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\desert\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir36f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir40f.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkhandle.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00174_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099166.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\publisher\backgrounds\wb02201_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\newsprint.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir48f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\swirl\tab_off.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\cpu.gadget\drag.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pglbl054.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382954.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\bg_casual.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\desert\header.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\submit.js	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveprojecttoolset\projecttool\project report type\fancy\spacer.gif	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme fonts\solstice.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\maroon.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\graycheck\header.gif	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\resource\typesupport\unicode\mappings\adobe\symbol.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\office.en-us\officemuiset.xml	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\include\jdwptransport.h	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0387591.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir25f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\j0115875.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir18f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_slateblue.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\fr.txt	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\eclipse\thmbnail.png	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\ag00090_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0382950.jpg	github.exe
File opened for modification	\??\c:\program files (x86)\windows sidebar\gadgets\cpu.gadget\images\back.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\sts2\background.gif	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\de.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0387337.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21327_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\button_right_disable.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms4\formsstyles\premium.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21534_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\olkirmv.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\textbox.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\microsoft.sharepoint.businessdata.administration.client.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\sounds\people\cough.wav	github.exe
File opened for modification	\??\c:\program files (x86)\common files\adobe air\versions\1.0\thawte root certificate.cer	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\themes14\bluecalm\preview.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0099148.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\j0321179.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\cagcat10\j0214098.wav	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\bullets\bd21375_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\media\breeze.wav	github.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\office14\office setup controller\word.en-us\setup.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\civic.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\sts2\background.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\fieldtypepreview\combobox.jpg	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms5\add.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\dgwebbtn.xml	github.exe
File opened for modification	\??\c:\program files (x86)\adobe\reader 9.0\reader\amt\aumproduct.cer	github.exe
File opened for modification	\??\c:\program files (x86)\microsoft visual studio 8\common7\ide\vsta\itemtemplates\csharp\1033\emptydatabase.zip	github.exe
File opened for modification	\??\c:\program files\microsoft office\clipart\pub60cor\wb01240_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21320_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\lightspirit.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\formsstyles\biscay\tab_on.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\catalog.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms\bg_casual.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\button_left_over.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\currency.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\7-zip\lang\ba.txt	github.exe
File opened for modification	\??\c:\program files\microsoft office\document themes 14\theme colors\grayscale.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\media\office14\lines\bd21303_.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\zpdir2b.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\commondata\alertimage_contacthigh.jpg	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css	github.exe
File opened for modification	\??\c:\program files\java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winclassichandle.png	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir28f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\pubspapr\pdir51f.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_formshomepage.gif	github.exe
File opened for modification	\??\c:\program files\windows sidebar\gadgets\rssfeeds.gadget\en-us\gadget.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\brightorange.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\1033\grooveforms5\formsstyles\texturedblue.css	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\groove\tooldata\groove.net\grooveforms3\bg_casual.gif	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pagesize\pgmn026.xml	github.exe
File opened for modification	\??\c:\program files\microsoft office\office14\pubwiz\main.xml	github.exe

Drops file in Windows directory 1011 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\inf\bits\bitsctr.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\permissions\managepermissions.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\selectedtab_1x1.gif	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\power\powerconfig.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\tracking_schema.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_409c81d29e98065b\license.rtf	github.exe
File opened for modification	\??\c:\windows\installer\105ce.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\selectedtab_rightcorner.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-ondesktop_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9\slideshow_glass_frame.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_454c741475b5380e\installprofile.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.1.7600.16385_none_632cd22f8aba00e7\tabletextservicesimplifiedzhengma.txt	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\darkblue_grad.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\providers\manageproviders.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\tracking_logic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9cd795cebc886acf\license.rtf	github.exe
File opened for modification	\??\c:\windows\ehome\createdisc\styles\ntsc\symphony\symphony\symphony.psd	github.exe
File opened for modification	\??\c:\windows\installer\12050.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\image2.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-fax-common.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a5a3b35650610173\welcomefax.tif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_649f28cc62d12253\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_4b7bf556f6fe4db9\back.png	github.exe
File opened for modification	\??\c:\windows\web\wallpaper\characters\img19.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.16428_none_5c2d1817de9b3df1\timeline.cpu.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_6.1.7600.16385_none_9f53e08173260b26\_smsvchostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.2.7601.23317_none_ed0bd9123ad5421d\winrm.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_en-us_79dfc17d433a5b9b\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installwebeventsqlprovider.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\webadminhelp.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9121d730a12855c4\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..t-starter.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b235a559a47739fb\license.rtf	github.exe
File opened for modification	\??\c:\windows\media\heritage\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d7749943fcc6ea3\currency.css	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\gsrvctr.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\providers\chooseprovidermanagement.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\users\adduser.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_smsvchostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_77f885dc30a2b58b\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..style-layeredtitles_31bf3856ad364e35_6.1.7600.16385_none_4ad2978b8b3ac8b2\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-sys_data_oraclient_perfcoun_b03f5f7f11d50a3a_6.1.7600.16385_none_12b230ea15a9e57a\_dataoracleclientperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx35linq-framework_assemblylist_31bf3856ad364e35_6.1.7600.16385_none_d2345696aab11309\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallpersonalization.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_en-us_7cb9d6b0c095b208\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.1.7600.16385_none_564b5f0e0709e9c5\_servicemodeloperationperfcounters.h	github.exe
File opened for modification	\??\c:\windows\inf\tapisrv\perfctr.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\image1.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1035\eula.rtf	github.exe
File opened for modification	\??\c:\windows\serviceprofiles\localservice\ntuser.dat.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\corperfmonsymbols.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installprofile.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..yle-specialoccasion_31bf3856ad364e35_6.1.7600.16385_none_01242a21ddccaf3b\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\wizardpage.cs	github.exe
File opened for modification	\??\c:\windows\security\logs\scesetup.log	github.exe
File opened for modification	\??\c:\windows\installer\8365.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\topgradrepeat.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\providers\manageproviders.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windowsdx..xperience.resources_31bf3856ad364e35_6.1.7600.16385_en-us_47eede0a3806430e\resource.xml	github.exe
File opened for modification	\??\c:\windows\installer\6d8a.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v3.0\windows workflow foundation\sql\en\tracking_logic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\users\findusers.aspx	github.exe
File opened for modification	\??\c:\windows\prefetch\agglglobalhistory.db	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1d470ceb8c4a0ba8\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_d7244b05e242e449\cronometer.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..ttheme-gb-component_31bf3856ad364e35_6.1.7601.17514_none_92d51a492ae12096\gb-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.1.7600.16385_none_d929c51176e9aa64\uninstallsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\headergradient_tall.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\home1.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\applicationconfigurationpage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.22396_none_5b8bb9d8d6b7b37c\profile.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.1.7600.16385_none_239c9c8a8e93c65b\_networkingperfcounters.h	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f704a3d4d39c1ac9\microsoft.iis.powershell.provider.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.1.7600.16385_none_77bb8934c5837c8b\installwebeventsqlprovider.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\home2.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\permissions\createpermission.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\config\defaultwsdlhelpgenerator.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\security.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\installsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.1.7600.16385_none_f3ab6fef34443b5c\wizard.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_en-us_0eff2b2a9667228d\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installprofile.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\permissions\createpermission.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\home0.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aabbd313996cd418\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminhelp_provider.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b71e2f823ddacf22\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..allpaper-characters_31bf3856ad364e35_6.1.7600.16385_none_bde0eaed84920a21\img19.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_dataperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky008.inf_31bf3856ad364e35_6.1.7600.16385_none_3ff9d4676ad8549c\amd64\kyw7qur7.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\appcmd.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_common_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_e30a73284d02ae8d\installcommon.sql	github.exe
File opened for modification	\??\c:\windows\installer\12045.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installroles.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\navigationbar.cs	github.exe
File opened for modification	\??\c:\windows\media\festival\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\yellowcorner.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ee635c40e73ba03c\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_0cf741683187a097\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\error.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnkm003.inf_31bf3856ad364e35_6.1.7600.16385_none_50766fcc42797a9b\amd64\koc353x.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\securitypage.cs	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00006.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625\filters.xml	github.exe
File opened for modification	\??\c:\windows\globalization\mct\mct-ca\wallpaper\ca-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\webadminhelp.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1030\eula.rtf	github.exe
File opened for modification	\??\c:\windows\prefetch\agapplaunch.db	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-shell-wallpaper-scenes_31bf3856ad364e35_6.1.7600.16385_none_a4393b1a254aeaee\img25.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-data_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_76fd6bc388ff7244\_dataperfcounters.h	github.exe
File opened for modification	\??\c:\windows\dtcinstall.log	github.exe
File opened for modification	\??\c:\windows\inf\usbhub\usbperfsym.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1053\eula.rtf	github.exe
File opened for modification	\??\c:\windows\shellnew\excel12.xlsx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1a07d4da952d4d02\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnrc00c.inf_31bf3856ad364e35_6.1.7600.16385_none_3b11d85d2b1e2536\amd64\ricfg7.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1543c3c503d80bbc\license.rtf	github.exe
File opened for modification	\??\c:\windows\panther\diagwrn.xml	github.exe
File opened for modification	\??\c:\windows\vss\writers\system\0bada1de-01a9-4625-8278-69e735f39dd2.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a\rasctrnm.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_transactionbridgeperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\webadminpage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_en-us_91a2a3662d8ffd41\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v3.5\sql\en\dropsqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\providers\chooseprovidermanagement.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_48b522f56a33d033\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\redistlist\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\users\manageusers.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\webadminhelp_internals.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-bpa_31bf3856ad364e35_6.1.7600.16385_none_af0f0fb17ebf927a\webserver_model.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\boxed-correct.avi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_ce76f352fa54bd75\0.png	github.exe
File opened for modification	\??\c:\windows\setupact.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-i..lprovider.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ecaff9829f3b58ce\microsoft.iis.powershell.provider.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50\rs_dvddecoder.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnsa002.inf_31bf3856ad364e35_6.1.7600.16385_none_02a32ac8d56280f6\amd64\smc350u.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e9f79a70efa455da\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\webadminstyles.css	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\roles\manageallroles.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..g-fdprint.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cb425691a3c4dfa7\resource.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky006.inf_31bf3856ad364e35_6.1.7600.16385_none_3ee7affd389bdbca\amd64\kyw7qur5.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.18216_none_65ad46bff1b9f625\profile.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1939ad1417b061ed\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\config\defaultwsdlhelpgenerator.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installcommon.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1055\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..iadisc-style-oldage_31bf3856ad364e35_6.1.7600.16385_none_02ee3365ea53e1ad\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\profile.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_35033bace8cae48e\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminhelp_provider.aspx	github.exe
File opened for modification	\??\c:\windows\panther\unattend.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..undthemes-landscape_31bf3856ad364e35_6.1.7600.16385_none_7a83a914edc3de49\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnhp004.inf_31bf3856ad364e35_6.1.7600.16385_none_306093dc85bc087c\amd64\hpb8500t.xml	github.exe
File opened for modification	\??\c:\windows\inf\servicemodelservice 3.0.0.0\_servicemodelserviceperfcounters.h	github.exe
File opened for modification	\??\c:\windows\shellnew\pwrpnt12.pptx	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\homegroup\cl_detection.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-bits-perf_31bf3856ad364e35_6.1.7601.17514_none_914aa0fa1749a409\bitsctr.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-100.asp	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.1.7601.17514_none_2dd00d963fe4475e\welcome.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..-soundthemes-quirky_31bf3856ad364e35_6.1.7600.16385_none_e55404efe49bb9cb\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnts003.inf_31bf3856ad364e35_6.1.7600.16385_none_1a5ec630d9861d24\amd64\tsmxu003.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1040\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..indetails.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5a9bfb846ea663ab\oobe_help_opt_in_details.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..disc-style-memories_31bf3856ad364e35_6.1.7600.16385_none_51190840a935f980\16_9-frame-background.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f04371ec21c4626e\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_0b66cb34258c936f\globalinstallorder.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\users\edituser.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\inf\.net clr networking\_networkingperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\gradient_onwhite.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1041\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnhp005.inf_31bf3856ad364e35_6.1.7600.16385_none_30e9a6119eda44e5\amd64\hp6000at.xml	github.exe
File opened for modification	\??\c:\windows\globalization\mct\mct-us\wallpaper\us-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\inf\termservice\tslabels.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\yellowcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\webadminhelp_security.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-n..nosticsframeworkapi_31bf3856ad364e35_6.1.7600.16385_none_86e6a231c4ced139\ndfeventview.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_7.2.7601.16406_none_1502e73fe702e135\profile.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.1.7600.16385_none_dba90e9e11c02732\appconfighome.aspx	github.exe
File opened for modification	\??\c:\windows\inf\.net data provider for sqlserver\_dataperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_smsvchostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu_31bf3856ad364e35_6.1.7600.16385_none_a79a90daaf5bbeef\back.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f7ef33e70a2e2b7e\license.rtf	github.exe
File opened for modification	\??\c:\windows\inf\wmiaprpl\wmiaprpl.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\config\defaultwsdlhelpgenerator.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_4c620d6fda21d3a4\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3\flickanimation.avi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_code_b03f5f7f11d50a3a_6.1.7600.16385_none_09906177615c2112\applicationconfigurationpage.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\perfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_networkingperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1046\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnhp002.inf_31bf3856ad364e35_6.1.7600.16385_none_2f4e6f72537f8faa\amd64\hpc1rwsl.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1bd9ea5878454455\license.rtf	github.exe
File opened for modification	\??\c:\windows\fonts\fms_metadata.xml	github.exe
File opened for modification	\??\c:\windows\media\cityscape\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\image2.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\selectedtab_leftcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\debugandtrace.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7110452767e88835\xpsrchvw.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnrc00a.inf_31bf3856ad364e35_6.1.7600.16385_none_39ffb3f2f8e1ac64\amd64\ricfg7.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\helpicon_solid.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_7547f48c79b40229\msdtc.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\home0.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state_perf.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..-soundthemes-sonata_31bf3856ad364e35_6.1.7600.16385_none_201752c112c5078c\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\globalization\mct\mct-za\wallpaper\za-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\background.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\aspdotnet_logo.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1028\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_2faaad2bcfc99b5f\uninstallsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_7.2.7601.23317_en-us_e458b60a2f3b12ae\default.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_58c37611c5704035\license.rtf	github.exe
File opened for modification	\??\c:\windows\windowsupdate.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\webadminhelp_security.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..atement_r.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b558e03eab75aa2b\privacy.rtf	github.exe
File opened for modification	\??\c:\windows\installer\1206e.msi	github.exe
File opened for modification	\??\c:\windows\panther\unattendgc\setupact.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..ttheme-us-component_31bf3856ad364e35_6.1.7601.17514_none_b52573ad8e4c2d89\us-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-mulanttsvoiceenudsk_31bf3856ad364e35_6.1.7600.16385_none_75c520ccf1df00ca\m1033dsk.crt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_en-us_bde93956dccfdbcc\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallwebeventsqlprovider.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\default.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\report.system.netdiagframework.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky004.inf_31bf3856ad364e35_6.1.7600.16385_none_3dd58b93065f62f8\amd64\kyw7qur4.xml	github.exe
File opened for modification	\??\c:\windows\installer\12078.msi	github.exe
File opened for modification	\??\c:\windows\inf\msdtc bridge 4.0.0.0\_transactionbridgeperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\security.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8618b2759ddf665b\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1044\eula.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\permissions\managepermissions.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlworkflowinstancestorelogic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1029\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-e..eady_eula.resources_31bf3856ad364e35_6.1.7600.16385_en-us_95d36ad13a0d3d1e\playready_eula.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_uninstallpersistsql_b03f5f7f11d50a3a_6.1.7600.16385_none_6b4402829272a89f\uninstallpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\windowsupdate\ts_connectivity.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\unselectedtab_rightcorner.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-e..-mcetuningoverrides_31bf3856ad364e35_6.1.7600.16385_none_2b64302bc8dc3b49\mcetuningoverrides.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17\blank.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-tapicore_31bf3856ad364e35_6.1.7600.16385_none_402eca316047a0fe\perfctr.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.1.7600.16385_none_ef661ab3b4bc29bf\security.aspx	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\search\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_data\groupedproviders.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6286f234122031db\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_en-us_a1579e0233ceb9b3\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallcommon.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1025\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\welcomescan.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_users_b03f5f7f11d50a3a_6.1.7600.16385_none_be918bff95b9bbc5\adduser.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-assemblylist_xml_b03f5f7f11d50a3a_6.1.7601.17514_none_e3a109eaec8645a9\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a6285ac2a45ae884\gadget.xml	github.exe
File opened for modification	\??\c:\windows\ehome\mediarenderer\mediacenter.digitalmediarenderer.avtransport.xml	github.exe
File opened for modification	\??\c:\windows\installer\12040.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\ngen.log	github.exe
File opened for modification	\??\c:\windows\panther\cbs_unattend.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..adisc-style-shatter_31bf3856ad364e35_6.1.7600.16385_none_0cd72f8900478c68\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-shell-sounds_31bf3856ad364e35_6.1.7600.16385_none_73076dd9cf3a9dce\chimes.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..-currency.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d158ae10876efd6d\currency.css	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_en-us_29fa16f1e581f525\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7600.16385_en-us_60918bf31d027127\license.rtf	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\performance\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\inf\setupapi.app.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\manageappsettings.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..c-mceburnengineicon_31bf3856ad364e35_6.1.7600.16385_none_0a0899f37b2bab4d\sonicmceburnengineicon.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx35linq-arrowheadsubsetlist_v35_31bf3856ad364e35_6.1.7600.16385_none_cbd3471197c6c60c\client.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\permissions\createpermission.aspx	github.exe
File opened for modification	\??\c:\windows\inf\windows workflow foundation 4.0.0.0\perfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\smtpsettings.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c80cf1d4b4cdf5c2\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminhelp_internals.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\aspdotnet_logo.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.5\sql\en\dropsqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_roles_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_072d3c4f13092ac3\installroles.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\netmemorycache.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-c..gement-perfcounters_31bf3856ad364e35_6.1.7600.16385_none_814c249ec2a32783\msdtcprf.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_c3b9072b536514f6\activity16v.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e83b619ada3e7ed\prncnfg.vbs	github.exe
File opened for modification	\??\c:\windows\installer\12097.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\users\manageusers.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1035\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlpersistenceproviderschema.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_08808d48aa73b11d\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx35cdf-cdf_sql_files_31bf3856ad364e35_6.1.7600.16385_none_a203944b32daa861\dropsqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\poqexec.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_7.2.7601.16406_en-us_d98486b2e1b5290c\default.help.txt	github.exe
File opened for modification	\??\c:\windows\diagnostics\scheduled\maintenance\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\help.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\2070\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.2.7601.23317_none_e2b72ec006748022\winrm.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..howgadget-ondesktop_31bf3856ad364e35_6.1.7600.16385_none_ab71c7fb8acb77c3\slideshow_glass_frame.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1922e3a86e653c83\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_41ed62770d4da14e\installmembership.sql	github.exe
File opened for modification	\??\c:\windows\inf\rdyboost\readyboostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\inf\servicemodelendpoint 3.0.0.0\_servicemodelendpointperfcounters.h	github.exe
File opened for modification	\??\c:\windows\installer\6d85.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installcommon.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\appconfighome.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1033\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..homegroup.resources_31bf3856ad364e35_6.1.7600.16385_en-us_53f18e4b42182e0f\oobe_help_what_is_homegroup.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminhelp_application.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1042\eula.rtf	github.exe
File opened for modification	\??\c:\windows\panther\ddaclsys.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-clock_31bf3856ad364e35_6.1.7600.16385_none_3342e6899aa0557f\cronometer.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..disc-style-stacking_31bf3856ad364e35_6.1.7600.16385_none_d0d2b98d4629a41f\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_f7a4bf1e15863e21\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\permissions\managepermissions.aspx	github.exe
File opened for modification	\??\c:\windows\prefetch\agglfaulthistory.db	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_en-us_604bc8140b32a29d\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installpersonalization.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\selectedtab_rightcorner.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..undthemes-cityscape_31bf3856ad364e35_6.1.7600.16385_none_5b48f43248490503\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\media\savanna\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v3.0\windows workflow foundation\sql\en\sqlpersistenceservice_schema.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\tracking_schema.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da79a19cb62ad143\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..omebasicn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_71625f48bc357cf2\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_1d316289a4bdaefa\installpersonalization.sql	github.exe
File opened for modification	\??\c:\windows\assembly\gac_msil\microsoft.security.applicationid.policymanagement.cmdlets.resources\6.1.0.0_en_31bf3856ad364e35\microsoft.security.applicationid.policymanagement.cmdlets.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\securitypage.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\webadminhelp_provider.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\setupauthentication.aspx	github.exe
File opened for modification	\??\c:\windows\performance\winsat\datastore\2020-04-30 12.24.02.028 dwm.assessment (initial).winsat.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\dropsqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.1.7600.16385_none_917c8e3a626d815e\uninstallsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\installer\12092.msi	github.exe
File opened for modification	\??\c:\windows\ehome\createdisc\sonic.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\security_watermark.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_6.1.7600.16385_none_6052679946eea92d\tabletextservicedayi.txt	github.exe
File opened for modification	\??\c:\windows\inf\asp.net\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-e..gadgetxml.resources_31bf3856ad364e35_6.1.7600.16385_en-us_904fd67a29ac3806\gadget.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dbfc68edd3137610\clock.css	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallpersonalization.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\requiredbang.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\2052\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9ab5b3b70c426c71\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\installer\12069.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\strings.xml	github.exe
File opened for modification	\??\c:\windows\prefetch\agglfgapphistory.db	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_state_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_730c92cdcdf3f501\aspnet_state_perf.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.1.7600.16385_none_300e525db1075385\installwebeventsqlprovider.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_3e97183353e4fb3b\license.rtf	github.exe
File opened for modification	\??\c:\windows\inf\.net memory cache 4.0\netmemorycache.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\perfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\editappsetting.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\pcwdiagnostic.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-shell-wallpaper-nature_31bf3856ad364e35_6.1.7600.16385_none_d5909570704a09c0\img1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.1.7600.16385_none_c56d3c38f38b0256\defaultwsdlhelpgenerator.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_data\groupedproviders.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\security_watermark.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..l-soundthemes-delta_31bf3856ad364e35_6.1.7600.16385_none_fbf7e0678b64a4b8\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3ffb4c3dcb07890d\add_a_device_or_computer_to_a_network_usb.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\cmnicfg.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\error.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\(120dpi)alerticon.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\error.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\default.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\alert_lrg.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\report.system.netdiagframework.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b4335a571a3c743e\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\passwordvaluetextbox.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\alert_sml.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..riventextservice-yi_31bf3856ad364e35_6.1.7600.16385_none_9d726564d8585442\tabletextserviceyi.txt	github.exe
File opened for modification	\??\c:\windows\tssysprep.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\users\adduser.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installmembership.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_en-us_2de8aeb5b24c74bb\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..textservice-amharic_31bf3856ad364e35_6.1.7600.16385_none_6583d3f29e43cfa1\tabletextserviceamharic.txt	github.exe
File opened for modification	\??\c:\windows\ehome\createdisc\styles\pal\symphony\symphony\symphony.psd	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7600.16385_en-us_49c9bb4fcaa13f19\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..oundthemes-heritage_31bf3856ad364e35_6.1.7600.16385_none_5872c0830d0c4747\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\d61d61c8-d73a-4eee-8cdd-f6f9786b7124.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_7.2.7601.16406_en-us_e3d931051615eb07\default.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-installsqlstate_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_5e893f5247903730\installsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\inf\ugthrsvc\gthrctr.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\alert_lrg.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\requiredbang.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_7.2.7601.23317_en-us_da040bb7fada50b3\default.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_en-us_dd050cebcad7bb4b\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_698fc88e65b943d6\avtransport.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-sonic-sonicxml_31bf3856ad364e35_6.1.7600.16385_none_473b7f0d0af85d51\sonic.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3b5955ffeb175bbb\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bb39ab2582dc79f6\sqlpersistenceservice_logic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7600.16385_en-us_902d79129708aeec\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\dropsqlpersistenceproviderschema.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397\bg_sidebar.png	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\aero\cl_aerofeature.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..calmediadisc-styles_31bf3856ad364e35_6.1.7600.16385_none_dac1eab162daeb45\16to9squareframe_buttongraphic.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallroles.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1031\eula.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1049\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\profile.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..eraccount.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a76a5c0503cd275\oobe_help_what_is_user_account.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\dropsqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\help.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1044\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8734fb86705288a7\flyout.css	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..l-starter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_24090ddf20410f44\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\requiredbang.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\providers\manageconsolidatedproviders.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bcb02776d55fe25d\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_3b995fcfc0e586ab\alert_lrg.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.1.7600.16385_none_819e8545cdbf46af\_servicemodelendpointperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1028\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c91b524799c6ec52\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-security-spp-tools_31bf3856ad364e35_6.1.7600.16385_none_a18e37c5d8d164ed\slmgr.vbs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installmembership.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1033\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39\purbleplacemce.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..undthemes-afternoon_31bf3856ad364e35_6.1.7600.16385_none_2a05e57d5ab3659e\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\globalinstallorder.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f62c53c2142e10f3\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\subsetlist\client.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_transactionbridgeperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\help.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-full_31bf3856ad364e35_6.1.7600.16385_none_ce3a164d3f0fa152\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\alphabet.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\selectedtab_1x1.gif	github.exe
File opened for modification	\??\c:\windows\vss\writers\system\75dfb225-e2e4-4d39-9ac9-ffaff65ddf06.xml	github.exe
File opened for modification	\??\c:\windows\installer\12055.msi	github.exe
File opened for modification	\??\c:\windows\panther\cbs.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-netfx3-core_31bf3856ad364e35_6.1.7601.17514_none_c5c6d478f0c06fa1\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\roles\managesinglerole.aspx	github.exe
File opened for modification	\??\c:\windows\web\wallpaper\landscapes\img10.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..statement.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8e57778214225c92\vofflps.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..iadisc-style-travel_31bf3856ad364e35_6.1.7600.16385_none_f2a7c66510a5395d\16_9-frame-background.png	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.22396_none_65e0642b0b187577\profile.ps1	github.exe
File opened for modification	\??\c:\windows\installer\836b.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\setupauthentication.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-aspbinaries_31bf3856ad364e35_6.1.7601.17514_none_eaaa53b67e14526e\axctrnm.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..lpaper-architecture_31bf3856ad364e35_6.1.7600.16385_none_d99106b927aa7782\img13.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..textservice-amharic_31bf3856ad364e35_6.1.7600.16385_none_c1a26f7656a140d7\tabletextserviceamharic.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_6.1.7600.16385_none_0da2254524b4bc0c\xsl-mappings.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_en-us_042d2c9052d53167\license.rtf	github.exe
File opened for modification	\??\c:\windows\media\characters\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\roles\manageallroles.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\users\edituser.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-e..ebargadgetresources_31bf3856ad364e35_6.1.7600.16385_none_88767a95b8bbf001\button_left_mousedown.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7601.17514_en-us_75927153ac93fb86\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_en-us_247c7f7ff2fcb4c5\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-usbperf_31bf3856ad364e35_6.1.7600.16385_none_fbd761d791c06ed0\usbperfsym.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\config\netfx40_iis_schema_update.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-irdafiletransfer_31bf3856ad364e35_6.1.7600.16385_none_bb684a120148a438\ir_begin.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..sc-style-rectangles_31bf3856ad364e35_6.1.7600.16385_none_258f1924c482b7a1\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1045\eula.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\2070\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-d..characterlistapplet_31bf3856ad364e35_6.1.7600.16385_none_8149342acd294792\imjpclst.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\ngen.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_dataoracleclientperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\wizardpage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c99bfc6ddd1bf1d2\gadget.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_6a1946701e0df451\bg-desk.png	github.exe
File opened for modification	\??\c:\windows\winsxs\msil_microsoft.security...t.cmdlets.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cbde052b5e31472c\microsoft.security.applicationid.policymanagement.cmdlets.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..ional-chinese-array_31bf3856ad364e35_6.1.7600.16385_none_64b02463c341f83d\tabletextservicearray.txt	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallprofile.sql	github.exe
File opened for modification	\??\c:\windows\panther\unattendgc\diagwrn.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_7.2.7601.23317_none_15826c45002808dc\profile.ps1	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\pcw\rs_programcompatibilitywizard.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_networkingperfcounters_v2.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\providers\manageproviders.aspx	github.exe
File opened for modification	\??\c:\windows\pla\reports\report.system.common.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6bee5650fc70848c\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-powershellprovider_31bf3856ad364e35_6.1.7600.16385_none_f7454d6160c30219\navigationtypes.namespace.xml	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\devicecenter\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\security0.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\dropsqlworkflowinstancestorelogic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallwebeventsqlprovider.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\branding_full2.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1037\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1049\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx35linq-framework_assemblylist_31bf3856ad364e35_6.1.7600.16385_none_2e52f21a630e843f\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installroles.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\appconfighome.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7601.17514_en-us_edc13ee9e5ed6e77\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\unselectedtab_leftcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\tracking_logic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\globalinstallorder.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_6.1.7600.16385_none_bc71031cff4c1a63\tabletextservicedayi.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_en-us_761d8f95399916f8\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..howgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6d7d60ea24be809c\gadget.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5aff93fe857d5dec\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-assemblylist_xml_b03f5f7f11d50a3a_6.1.7601.17514_none_2b4e40c201026eaf\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\inf\.netframework\corperfmonsymbols.h	github.exe
File opened for modification	\??\c:\windows\inf\servicemodeloperation 3.0.0.0\_servicemodeloperationperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\debugandtrace.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\manageappsettings.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.1.7600.16385_none_7aab2462f08e2d02\tabletextservicesimplifiedshuangpin.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-r..bilityanalysisrules_31bf3856ad364e35_6.1.7601.17514_none_28faa4edfde69b42\racrules.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.1.7600.16385_none_1f7373be61daf614\perfcounters.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..ied-chinese-zhengma_31bf3856ad364e35_6.1.7600.16385_none_bf4b6db34317721d\tabletextservicesimplifiedzhengma.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.1.7600.16385_none_27e5cecd389a11b4\groupedproviders.xml	github.exe
File opened for modification	\??\c:\windows\inf\ugatherer\gsrvctr.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\selectedtab_leftcorner.gif	github.exe
File opened for modification	\??\c:\windows\servicing\sessions\30809834_3145801136.back.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky003.inf_31bf3856ad364e35_6.1.7600.16385_none_3d4c795ded41268f\amd64\kyw7qur2.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlworkflowinstancestoreschema.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\default.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\image2.gif	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00009.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminhelp.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..ctivation.resources_31bf3856ad364e35_6.1.7600.16385_en-us_581f4464e637a2c6\help_what_is_activation.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..isc-style-videowall_31bf3856ad364e35_6.1.7600.16385_none_f0f97c9a09073b00\203x8subpicture.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.17514_none_9b73f7b9f6d6dd18\readyboostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1\avtransport.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_32e02520f8081891\winrm.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-n..nosticsframeworkapi_31bf3856ad364e35_6.1.7600.16385_none_2ac806ae0c716003\ndfeventview.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.1.7601.17514_none_69a838f53862fe6b\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\inf\remoteaccess\rasctrnm.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\corperfmonsymbols.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_dataperfcounters.h	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00005.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..oundthemes-festival_31bf3856ad364e35_6.1.7600.16385_none_121f20b55f0bde68\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4d6aa30008b38d10\cpu.css	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_7db8e8c1fc7f2e48\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state_perf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\wizard\wizard.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\webadminhelp_internals.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2\rs_configurationerrors.ps1	github.exe
File opened for modification	\??\c:\windows\media\quirky\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\defineerrorpage.aspx	github.exe
File opened for modification	\??\c:\windows\panther\unattendgc\diagerr.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ad01b0cc7d80f411\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_wpf-winfxlist_31bf3856ad364e35_6.1.7600.16385_none_9cd1c50c09ba1b7a\winfxlist.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1051f5dad299e574\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\installsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\networking\htinteractiveres.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00002.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..ultimatee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_d9d78445b4dc9f7e\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..unterinfrastructure_31bf3856ad364e35_6.1.7600.16385_none_cd7aeeff1897d018\0bada1de-01a9-4625-8278-69e735f39dd2.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_da058ee318468992\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_installpersistsql_b03f5f7f11d50a3a_6.1.7600.16385_none_f184fead5d7a9d76\installpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1036\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f087cbd507d8e79\erofflps.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1aca4d46a08df107\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\navigationbar.cs	github.exe
File opened for modification	\??\c:\windows\panther\setupact.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_442c6606061fb492\report.system.nettrace.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\webadminpage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c85de3fc3a9f438f\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.1.7600.16385_none_50f19738760fdcfc\webadminhelp.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\appconfighome.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\roles\managesinglerole.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1045\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\web\wallpaper\nature\img1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6aa2519d66015923\prncnfg.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnep002.inf_31bf3856ad364e35_6.1.7600.16385_none_9379fee912f1f625\amd64\ep0sbt00.xml	github.exe
File opened for modification	\??\c:\windows\media\sonata\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\deselectedtab_1x1.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..ional-chinese-array_31bf3856ad364e35_6.1.7600.16385_none_c0cebfe77b9f6973\tabletextservicearray.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aeacd0d57d868ef3\license.rtf	github.exe
File opened for modification	\??\c:\windows\media\calligraphy\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\config\netfx45_iis_schema_update.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_networkingperfcounters.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\cl_detection.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\winrm.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky005.inf_31bf3856ad364e35_6.1.7600.16385_none_3e5e9dc81f7d9f61\amd64\kyw7qur3.xml	github.exe
File opened for modification	\??\c:\windows\media\raga\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\security0.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1046\eula.rtf	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00008.log	github.exe
File opened for modification	\??\c:\windows\installer\6d8f.msi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\bears.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_en-us_bd044824b607cb4d\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\thirdpartynotices.txt	github.exe
File opened for modification	\??\c:\windows\installer\1208c.msi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-scavenge-space_31bf3856ad364e35_6.1.7601.17514_none_1b683337cabdc91a\scavengespace.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f\rs_medialibcorrupted.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.1.7600.16385_none_f79af98021986eab\tabletextservicesimplifiedquanpin.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\report.system.common.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-tabletpc-journal_31bf3856ad364e35_6.1.7601.17514_none_75d78dc0bb37c026\blue_gradient.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b69450ce148582ce\microsoft.windows.diagnosis.troubleshootingpack.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_765b17a2c56f9155\rasctrnm.h	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1973d5cff4368a50\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..homebasic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b0d8a5e4792a2f61\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..ultimaten.resources_31bf3856ad364e35_6.1.7600.16385_en-us_340edd8edeab3db6\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\_dataoracleclientperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1043\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnca00g.inf_31bf3856ad364e35_6.1.7600.16385_none_dfec42405b072543\amd64\cnbx4pipelineconfig.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..edsgadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2b166002b7f51771\flyout.css	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c1287167d3ec9a72\license.rtf	github.exe
File opened for modification	\??\c:\windows\inf\smsvchost 3.0.0.0\_smsvchostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\installer\1207d.msi	github.exe
File opened for modification	\??\c:\windows\installer\12082.msi	github.exe
File opened for modification	\??\c:\windows\installer\120ac.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\selectedtab_leftcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\createappsetting.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..ets-slideshowgadget_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1\blank.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\users\manageusers.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_en-us_5e6db46338f63db0\license.rtf	github.exe
File opened for modification	\??\c:\windows\media\chimes.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlworkflowinstancestorelogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed\windows feed discovered.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\solitairemce.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\netmemorycache.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\alert_lrg.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..inboxgames-shanghai_31bf3856ad364e35_6.1.7600.16385_none_1c98ed5d08db04ce\mahjongmce.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\home2.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1040\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_02e9e13998201d43\erofflps.txt	github.exe
File opened for modification	\??\c:\windows\inf\aspnet_state\aspnet_state_perf.h	github.exe
File opened for modification	\??\c:\windows\installer\1204b.msi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\audioplaybackdiagnostic.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..t-starter.resources_31bf3856ad364e35_6.1.7601.17514_en-us_0e5440dd5cd4ab31\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..standardportmonitor_31bf3856ad364e35_6.1.7600.16385_none_ffbb87eff2f3f869\tcpbidi.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\ngen_service.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\security_watermark.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\defineerrorpage.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-rasctrs_31bf3856ad364e35_6.1.7600.16385_none_70130a6690196ee7\rasctrnm.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\home1.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\netfx_full_x64.msi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-pets_31bf3856ad364e35_6.1.7600.16385_none_d0d7ee773d711005\notes_intro_bg.wmv	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..allpaper-landscapes_31bf3856ad364e35_6.1.7600.16385_none_e57abb2f66db71a9\img10.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-sonic-symphonyntsc_31bf3856ad364e35_6.1.7600.16385_none_d75d6085d60aa50d\symphony.psd	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\topgradrepeat.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-editions-client_31bf3856ad364e35_6.1.7600.16385_none_bc037fbe81d7b074\enterpriseedition.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-ehome-epgtos.resources_31bf3856ad364e35_6.1.7600.16385_en-us_29b70e81faa66c43\epgtos.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_en-us_d5fe5d00fb97ccd1\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_9cbb1d5656f57791\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\home2.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gpupipeline_31bf3856ad364e35_6.1.7601.17514_none_5a5226e685faba67\dissolveanother.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\roles\manageallroles.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..ndthemes-characters_31bf3856ad364e35_6.1.7600.16385_none_08da32b0fdad9220\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-sonic-symphonypal_31bf3856ad364e35_6.1.7600.16385_none_cd66bc3541f90a26\symphony.psd	github.exe
File opened for modification	\??\c:\windows\panther\unattendgc\setuperr.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx35cdf-cdf_sql_files_31bf3856ad364e35_6.1.7600.16385_none_fe222fceeb381997\dropsqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_7757e402e445c465\uninstallsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-printing-fdprint_31bf3856ad364e35_6.1.7600.16385_none_b425025e9ef3d84c\background.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..l-inboxgames-hearts_31bf3856ad364e35_6.1.7600.16385_none_4ffeefd67d89d45b\heartsmce.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_tsprint.inf_31bf3856ad364e35_6.1.7601.17514_none_ca1bed7d5beee2f8\tsprint-pipelineconfig.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft.windows.s..ation.badcomponents_31bf3856ad364e35_6.1.7600.16385_none_3868158f24725705\suppression.xml	github.exe
File opened for modification	\??\c:\windows\installer\120a1.msi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c\appinstalled.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..iadisc-style-sports_31bf3856ad364e35_6.1.7600.16385_none_c1c84490c211896e\circlesubpicture.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_dataperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installwebeventsqlprovider.sql	github.exe
File opened for modification	\??\c:\windows\serviceprofiles\networkservice\ntuser.dat.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..adisc-style-babyboy_31bf3856ad364e35_6.1.7600.16385_none_f13596916b261f67\babyblue.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..rvices-perfcounters_31bf3856ad364e35_6.1.7600.16385_none_a6c6e3f75ceddb0a\tslabels.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.1.7600.16385_none_da3b5e9090e80564\adsutil.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6cfcb6c3e1697b1c\license.rtf	github.exe
File opened for modification	\??\c:\windows\inf\asp.net_4.0.30319\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\webadminhelp_application.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..disc-style-vignette_31bf3856ad364e35_6.1.7600.16385_none_cc1304de922cc585\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-calendar_31bf3856ad364e35_6.1.7600.16385_none_0dfaaaec65b0831b\bg-desk.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\wizardpage.cs	github.exe
File opened for modification	\??\c:\windows\vss\writers\system\d61d61c8-d73a-4eee-8cdd-f6f9786b7124.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_6.1.7601.17514_none_9757fd443892abe7\infoctrs.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..l-wallpaper-starter_31bf3856ad364e35_6.1.7600.16385_none_f08164982f2fecda\img0.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-p..standardportmonitor_31bf3856ad364e35_6.1.7600.16385_none_a39cec6c3a968733\tcpbidi.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\smtpsettings.aspx	github.exe
File opened for modification	\??\c:\windows\inf\msdtc bridge 3.0.0.0\_transactionbridgeperfcounters.h	github.exe
File opened for modification	\??\c:\windows\logs\dpx\setuperr.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallroles.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-cpu.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a9893e83c110fe46\cpu.css	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..soundthemes-savanna_31bf3856ad364e35_6.1.7600.16385_none_8501e89d0b011992\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-currency_31bf3856ad364e35_6.1.7600.16385_none_679a6ba79b07a3c0\activity16v.png	github.exe
File opened for modification	\??\c:\windows\inf\msdtc\msdtcprf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_networkingperfcounters_v2.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-d..characterlistapplet_31bf3856ad364e35_6.1.7600.16385_none_dd67cfae8586b8c8\imjpclst.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7600.16385_en-us_461635f4a801c710\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8f53ccf1a75d5585\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_63cc1fc1c4366aaa\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-r..bilityanalysisrules_31bf3856ad364e35_6.1.7601.17514_none_85194071b6440c78\racrules.xml	github.exe
File opened for modification	\??\c:\windows\installer\1205a.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\aspdotnet_logo.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-font-fms_31bf3856ad364e35_6.1.7601.17514_none_a5f8bb0ccaefbe07\fms_metadata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..zlegadget.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0246f6465cb859ba\gadget.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-vssapi_31bf3856ad364e35_6.1.7601.17514_none_330ce3bf9861358f\75dfb225-e2e4-4d39-9ac9-ffaff65ddf06.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..riventextservice-yi_31bf3856ad364e35_6.1.7600.16385_none_4153c9e11ffae30c\tabletextserviceyi.txt	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\security0.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlpersistenceservice_logic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9777f183a374ccf1\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\htinteractiveres.ps1	github.exe
File opened for modification	\??\c:\windows\media\landscape\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..m-starter.resources_31bf3856ad364e35_6.1.7601.17514_en-us_3335316deeffe44f\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlworkflowinstancestoreschemaupgrade.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..l-wallpaper-windows_31bf3856ad364e35_6.1.7600.16385_none_370717dbca22c586\img0.jpg	github.exe
File opened for modification	\??\c:\windows\debug\wia\wiatrace.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\gradient_onwhite.gif	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00004.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_en-us_540dcf6ac28b9cb4\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\editappsetting.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\aerodiagnostic.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c0e8fb2048e644c9\microsoft.windows.diagnosis.troubleshootingpack.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\manageappsettings.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\redistlist\frameworklist.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-ultimate.resources_31bf3856ad364e35_6.1.7601.17514_en-us_50e31548c52382db\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..ttheme-au-component_31bf3856ad364e35_6.1.7601.17514_none_36a5754e72dd8aff\au-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-iis-powershellprovider_31bf3856ad364e35_6.1.7600.16385_none_0199f7b39523c414\navigationtypes.namespace.xml	github.exe
File opened for modification	\??\c:\windows\pla\reports\en-us\report.system.common.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ba8c4fe6f153aee6\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_76e8e8ca58eb623d\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..disc-style-flippage_31bf3856ad364e35_6.1.7600.16385_none_0f19716417635239\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-corperfmonsymbols_b03f5f7f11d50a3a_6.1.7600.16385_none_5b4a172573c72f57\corperfmonsymbols.h	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_36bc61b12dcec80c\gadget.xml	github.exe
File opened for modification	\??\c:\windows\inf\.net clr networking 4.0.0.0\_networkingperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminhelp.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\passwordvaluetextbox.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\folder.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\aspx_file.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_906259cc7eaff939\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\inf\setupapi.offline.log	github.exe
File opened for modification	\??\c:\windows\media\garden\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallcommon.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\config\netfx40_iis_schema_update.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\cl_detectingdevice.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a47b34406ef9e8fc\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edab1fcc1243cde3\license.rtf	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\printer\cl_utility.ps1	github.exe
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	Explorer.EXE
File opened for modification	\??\c:\windows\web\wallpaper\scenes\img25.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.18216_none_5b589c6dbd59342a\profile.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287\appinstalled.gif	github.exe
File opened for modification	\??\c:\windows\installer\120b4.msi	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00007.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.1.7600.16385_none_6cb4cb2fec54f7c8\default.aspx	github.exe
File opened for modification	\??\c:\windows\installer\6d9a.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1042\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.1.7600.16385_none_ffd9db4d7f4ad539\chooseprovidermanagement.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.1.7600.16385_none_102e2d7aa50c8f5c\_transactionbridgeperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\gradient_onblue.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..mepremium.resources_31bf3856ad364e35_6.1.7601.17514_en-us_209b3b2d083840d2\license.rtf	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\windowsmediaplayermedialibrary\rs_medialibcorrupted.ps1	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\windowsmediaplayerplaydvd\rs_dvddecoder.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\dropsqlworkflowinstancestoreschema.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\providers\manageconsolidatedproviders.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\parameterinfo.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e0e7b1171f7308f0\about_bits_cmdlets.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.1.7600.16385_none_02a1a2d949085578\manageallroles.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\users\findusers.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\security.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_36242a66d0a3fac8\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..terprisee.resources_31bf3856ad364e35_6.1.7601.17514_en-us_b4e211957dcdb16b\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\_dataperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\aspx_file.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..disc-style-huecycle_31bf3856ad364e35_6.1.7600.16385_none_810df6f57d9f2a73\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..inboxgames-freecell_31bf3856ad364e35_6.1.7600.16385_none_b466b741b68bd29a\freecellmce.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_dd95cd2390bb17bc\calendar.css	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\headergradient_tall.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1037\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..nterprise.resources_31bf3856ad364e35_6.1.7601.17514_en-us_75584897d00dd323\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-musicsamples_31bf3856ad364e35_6.1.7600.16385_none_06495209cbd8e93b\kalimba.mp3	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..terprisen.resources_31bf3856ad364e35_6.1.7601.17514_en-us_07ad843e0bd8f974\license.rtf	github.exe
File opened for modification	\??\c:\windows\pla\system\system diagnostics.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\debugandtrace.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\gradient_onblue.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\about_aliases.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_485c98bcb69c77c6\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_175ab6276b721d6a\locationnotificationsview.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\bears.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky009.inf_31bf3856ad364e35_6.1.7600.16385_none_4082e69c83f69105\amd64\kyw7qur8.xml	github.exe
File opened for modification	\??\c:\windows\installer\1209c.msi	github.exe
File opened for modification	\??\c:\windows\media\afternoon\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v3.0\windows workflow foundation\sql\en\tracking_schema.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlpersistenceservice_logic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_e8f2b9ab2a40e84d\gmreadme.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky002.inf_31bf3856ad364e35_6.1.7600.16385_none_3cc36728d422ea26\amd64\kyw7qury.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_state_perf_h_b03f5f7f11d50a3a_6.1.7600.16385_none_bab9c9a4e2701e07\aspnet_state_perf.h	github.exe
File opened for modification	\??\c:\windows\installer\120a6.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\wizard\wizard.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\ngen_service.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7601.17514_en-us_5aae28245a7a6d34\lipeula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..epremiumn.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bea58db7ca7da311\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnhp003.inf_31bf3856ad364e35_6.1.7600.16385_none_2fd781a76c9dcc13\amd64\hpah470t.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_en-us_80e67168127a4a15\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\passwordvaluetextbox.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_installpersistsql_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d7c7d648fe7470\installpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4e9d378fe10f62e2\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminhelp_internals.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\aspnet_perf.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\wizard\wizard.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_ab6782291b0ca7be\16-on-black.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7601.17514_en-us_f8f6315274e5dc05\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlpersistenceproviderlogic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\smtpsettings.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\folder.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\navigationbar.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\users\adduser.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\dropsqlworkflowinstancestoreschema.sql	github.exe
File opened for modification	\??\c:\windows\panther\diagerr.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_8cf9aaeb8a316114\installprofile.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\config\defaultwsdlhelpgenerator.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\gradient_onblue.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\roles\managesinglerole.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-rssfeedsgadget_31bf3856ad364e35_6.1.7600.16385_none_07861dacd36a18f4\16-on-black.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\globalinstallorder.xml	github.exe
File opened for modification	\??\c:\windows\logs\dism\dism.log	github.exe
File opened for modification	\??\c:\windows\prefetch\agrobust.db	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\datastore\logs\edb00003.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminstyles.css	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\providerspage.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\webadminstyles.css	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\3082\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\speech disambiguation.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..svc-extra.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ceee882be1c01807\report.system.wireless.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\thirdpartynotices.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..epremiume.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6b1dc6ae4ec493c3\license.rtf	github.exe
File opened for modification	\??\c:\windows\starter.xml	github.exe
File opened for modification	\??\c:\windows\diagnostics\index\aerodiagnostic.xml	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\windowsmediaplayerconfiguration\rs_configurationerrors.ps1	github.exe
File opened for modification	\??\c:\windows\inf\setupapi.dev.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\webadminpage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-d..t-services-unattend_31bf3856ad364e35_6.1.7600.16385_none_25104b6dbe690465\wdsunattendtemplate.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\installer\105d3.msi	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnep00l.inf_31bf3856ad364e35_6.1.7600.16385_none_b2881ef0c3cba5ef\amd64\ep0lvf00.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft.backgroun..nt.module.resources_31bf3856ad364e35_6.1.7600.16385_en-us_eb3c5b6953d3caeb\about_bits_cmdlets.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnky007.inf_31bf3856ad364e35_6.1.7600.16385_none_3f70c23251ba1833\amd64\kyw7qur6.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\installpersonalization.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\defineerrorpage.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fd763985ec2c2ae9\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-photosamples_31bf3856ad364e35_6.1.7600.16385_none_f36e0e659b8042be\chrysanthemum.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..d-line-utility-base_31bf3856ad364e35_6.1.7600.16385_none_69c0c0c8dd122d42\xsl-mappings.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\topgradrepeat.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\security\setupauthentication.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..ttheme-ca-component_31bf3856ad364e35_6.1.7601.17514_none_fae061a2e0ae5019\ca-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.1.7600.16385_none_21be611582619ce3\createpermission.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-w..ar-wizard.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e3dcb0ba12aa17d7\add_a_device_or_computer_to_a_network_usb.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\selectedtab_1x1.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\darkblue_grad.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.1.7600.16385_none_40b32988515caa44\winfxlist.xml	github.exe
File opened for modification	\??\c:\windows\installer\12073.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminhelp_security.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\helpicon_solid.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.17514_none_2fd7b56967fc5c76\auxbase.xml	github.exe
File opened for modification	\??\c:\windows\globalization\mct\mct-gb\wallpaper\gb-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1038\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\pla\rules\en-us\rules.system.common.xml	github.exe
File opened for modification	\??\c:\windows\web\wallpaper\windows\img0.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx35linq-arrowheadsubsetlist_v20_31bf3856ad364e35_6.1.7600.16385_none_cbd9158b97c32b68\client.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\home1.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1031\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8a074a396aa9e5f1\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlworkflowinstancestoreschemaupgrade.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-winsatmediasamples_31bf3856ad364e35_6.1.7600.16385_none_0b34d0642122c1c4\clip_1080_5sec_10mbps_h264.mp4	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminhelp_security.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\darkblue_grad.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7600.16385_en-us_83a96f16be1ecf82\license.rtf	github.exe
File opened for modification	\??\c:\windows\installer\12087.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\uiinfo.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-client-editions-matrix_31bf3856ad364e35_6.1.7601.17514_none_b158027114088d14\editionmatrix.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\powerconfig.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_prnts002.inf_31bf3856ad364e35_6.1.7600.16385_none_19d5b3fbc067e0bb\amd64\tsmpu002.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_6.1.7601.17514_none_bcd407cfce259313\reagent.xml	github.exe
File opened for modification	\??\c:\windows\inf\wsearchidxpi\idxcntrs.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\home0.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\branding_full2.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\providerspage.cs	github.exe
File opened for modification	\??\c:\windows\professional.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\uninstallmembership.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.16428_none_11b913172f0cb26f\windows feed discovered.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-installsqlstate_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_16dc087b33140e2a\installsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\setuperr.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\unselectedtab_rightcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1032\eula.rtf	github.exe
File opened for modification	\??\c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\windowsupdate.log	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\ts_connectivity.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1029\eula.rtf	github.exe
File opened for modification	\??\c:\windows\softwaredistribution\reportingevents.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlpersistenceservice_schema.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7601.17514_en-us_524aef45cc8b8229\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.2.7601.16406_none_ec8c540d21b01a76\winrm.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\gmreadme.txt	github.exe
File opened for modification	\??\c:\windows\installer\12064.msi	github.exe
File opened for modification	\??\c:\windows\panther\setuperr.log	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-ie-eula.resources_31bf3856ad364e35_11.2.9600.16428_en-us_c6464ed8149df7fd\eula.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v3.0\windows workflow foundation\sql\en\sqlpersistenceservice_logic.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\deselectedtab_1x1.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\mediacenter.digitalmediarenderer.avtransport.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-i..xing-service-server_31bf3856ad364e35_6.1.7601.17514_none_0db5e5844ed6ffe9\perfci.h	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\audio\cl_invocation.ps1	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\security\users\findusers.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7601.17514_en-us_4a0c23262e7d22c6\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..picturepuzzlegadget_31bf3856ad364e35_6.1.7600.16385_none_725857cf41f74c3f\0.png	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7601.17514_en-us_eded87a2761fb190\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-startern.resources_31bf3856ad364e35_6.1.7600.16385_en-us_9244c0bd2ede2f06\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-t..d-chinese-shuangpin_31bf3856ad364e35_6.1.7600.16385_none_1e8c88df3830bbcc\tabletextservicesimplifiedshuangpin.txt	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\unselectedtab_leftcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\dropsqlpersistenceproviderschema.sql	github.exe
File opened for modification	\??\c:\windows\web\wallpaper\architecture\img13.jpg	github.exe
File opened for modification	\??\c:\windows\performance\winsat\clip_1080_5sec_10mbps_h264.mp4	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-i..integration-support_31bf3856ad364e35_6.1.7600.16385_none_8429bbdebd38db4a\perfwci.h	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\connectionmanager.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_roles_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_bf800577fe8d01bd\installroles.sql	github.exe
File opened for modification	\??\c:\windows\inf\.net clr data\_dataperfcounters.h	github.exe
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe	Explorer.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlpersistenceproviderschema.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\appconfig\editappsetting.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\app_code\providerspage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_fa402b9ff8d17848\installmembership.sql	github.exe
File opened for modification	\??\c:\windows\diagnostics\system\device\cl_detectingdevice.ps1	github.exe
File opened for modification	\??\c:\windows\installer\6d94.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\app_code\applicationconfigurationpage.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\yellowcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1036\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-videosamples_31bf3856ad364e35_6.1.7600.16385_none_51a21f033003affd\wildlife.wmv	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-winre-recoveryagent_31bf3856ad364e35_6.1.7601.17514_none_18f2a35386830449\reagent.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminhelp_application.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\unselectedtab_leftcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\config\netfx45_iis_schema_update.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\spidersolitairemce.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-wlansvc_31bf3856ad364e35_6.1.7601.17514_none_fa6a47c21b85ab79\report.system.wireless.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_common_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_9b5d3c5138868587\installcommon.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.1.7600.16385_none_d5842bb2904185f4\installpersonalization.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\securitypage.cs	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1043\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\about_aliases.help.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-xpsreachviewer_31bf3856ad364e35_6.1.7600.16385_none_7b64ef799c494a30\xpsrchvw.xml	github.exe
File opened for modification	\??\c:\windows\inf\.net data provider for oracle\_dataoracleclientperfcounters_shared12_neutral.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\providers\manageconsolidatedproviders.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\providers\chooseprovidermanagement.aspx	github.exe
File opened for modification	\??\c:\windows\servicing\editions\editionmatrix.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..cationnotifications_31bf3856ad364e35_6.1.7600.16385_none_737951ab23cf8ea0\locationnotificationsview.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..fessional.resources_31bf3856ad364e35_6.1.7600.16385_en-us_278ad39305c15e4c\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\appconfig\createappsetting.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1041\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\pla\rules\rules.system.common.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.1.7600.16385_none_0d1a731008072b5c\defaultwsdlhelpgenerator.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx-aspnet_uninstallpersistsql_b03f5f7f11d50a3a_6.1.7600.16385_none_b2f13959a6eed1a5\uninstallpersistsqlstate.sql	github.exe
File opened for modification	\??\c:\windows\globalization\mct\mct-au\wallpaper\au-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\branding_full2.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\aspx_file.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-t..ied-chinese-quanpin_31bf3856ad364e35_6.1.7600.16385_none_53b99503d9f5dfe1\tabletextservicesimplifiedquanpin.txt	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-security-spp-tools_31bf3856ad364e35_6.1.7600.16385_none_456f9c422073f3b7\slmgr.vbs	github.exe
File opened for modification	\??\c:\windows\inf\smsvchost 4.0.0.0\_smsvchostperfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\appconfig\createappsetting.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\image1.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1030\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-w3svc_31bf3856ad364e35_6.1.7600.16385_none_1a0b3f4b23047c9b\w3ctrs.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\headergradient_tall.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\gradient_onwhite.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..c-style-performance_31bf3856ad364e35_6.1.7600.16385_none_1d8aecb671a2bda5\720x480blacksquare.png	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-iis-legacyscripts_31bf3856ad364e35_6.1.7600.16385_none_e49008e2c548c75f\iisext.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..howgadget-insidebar_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261\bg_sidebar.png	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\dropsqlworkflowinstancestorelogic.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\cmnicfg.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1038\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fe8f8ca0a21cfbfe\lipeula.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\deselectedtab_1x1.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\unselectedtab_rightcorner.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\3082\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..-calendar.resources_31bf3856ad364e35_6.1.7600.16385_en-us_39b468a7491888f2\calendar.css	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-h..putername.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f7fc29722da787f\oobe_help_change_computer_name.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.1.7600.16385_none_d0c99374981840d5\chessmce.png	github.exe
File opened for modification	\??\c:\windows\ehome\mcetuningoverrides.xml	github.exe
File opened for modification	\??\c:\windows\installer\1205f.msi	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1055\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-g..s-weather.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92dafd34e62c3942\gadget.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_netfx35linq-arrowheadsubsetlist_v30_31bf3856ad364e35_6.1.7600.16385_none_cbce459f97cb4759\client.xml	github.exe
File opened for modification	\??\c:\windows\pfro.log	github.exe
File opened for modification	\??\c:\windows\logs\cbs\cbs.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\2052\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-nettrace-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_f72251fe8a04e1e5\gathernetworkinfo.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\wow64_microsoft-windows-iis-odbclogging_31bf3856ad364e35_6.1.7600.16385_none_3a95043523dddbb9\logtemp.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\webadminhelp_provider.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1025\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_a9cf548d21b86a2f\(120dpi)alerticon.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_7.2.7601.16406_none_e237a9baed4f587b\winrm.vbs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\cl_utility.ps1	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.1.7600.16385_none_f72b6337a9731440\_servicemodelserviceperfcounters.h	github.exe
File opened for modification	\??\c:\windows\inf\windows workflow foundation 3.0.0.0\perfcounters.h	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\security\users\edituser.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\sql\en\sqlworkflowinstancestoreschema.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallmembership.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\uninstallprofile.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_data\groupedproviders.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-iis-odbclogging_31bf3856ad364e35_6.1.7600.16385_none_304059e2ef7d19be\logtemp.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..disc-style-babygirl_31bf3856ad364e35_6.1.7600.16385_none_b2bd01695c9021fd\16_9-frame-background.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.1.7600.16385_none_094460616193b3f6\webadminhelp.aspx	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\asp.netwebadminfiles\images\selectedtab_rightcorner.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-n..s-directaccessentry_31bf3856ad364e35_6.1.7600.16385_none_52b3ba1508e42ec5\networkdiagnostics_6_da.xml	github.exe
File opened for modification	\??\c:\windows\logs\dpx\setupact.log	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\image1.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_c1407bc73caf8dfc\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-g..ets-clock.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7fddcd6a1ab604da\clock.css	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..-startere.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7e5b0618fdcd600d\license.rtf	github.exe
File opened for modification	\??\c:\windows\ehome\en-us\epgtos.txt	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\sql\en\sqlpersistenceservice_schema.sql	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..omebasice.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0acb6c5935e40029\license.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..tyle-resizingpanels_31bf3856ad364e35_6.1.7600.16385_none_bc51073aee3391ed\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-shell-soundthemes-raga_31bf3856ad364e35_6.1.7600.16385_none_2fe300bf8e73cdbd\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\installsqlstatetemplate.sql	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1032\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\setupcache\v4.7.03062\1053\localizeddata.xml	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-l..l-starter.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8027a962d89e807a\license.rtf	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\folder.gif	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\images\helpicon_solid.gif	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\report.system.common.xml	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\webadminhelp_application.aspx	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-ie-eula.resources_31bf3856ad364e35_11.2.9600.16428_en-us_2264ea5bccfb6933\eula.rtf	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-o..ediadisc-style-push_31bf3856ad364e35_6.1.7600.16385_none_cc073ae540855a07\1047x576black.png	github.exe
File opened for modification	\??\c:\windows\media\delta\windows balloon.wav	github.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\asp.netwebadminfiles\app_code\applicationconfigurationpage.cs	github.exe
File opened for modification	\??\c:\windows\winsxs\amd64_microsoft-windows-m..ttheme-za-component_31bf3856ad364e35_6.1.7601.17514_none_a5926b147a413e6a\za-wp1.jpg	github.exe
File opened for modification	\??\c:\windows\winsxs\x86_microsoft-windows-l..essionale.resources_31bf3856ad364e35_6.1.7601.17514_en-us_19fef411813ba5c2\license.rtf	github.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1776	1216	WerFault.exe	20

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
984	iexplore.exe
984	iexplore.exe
984	iexplore.exe
984	iexplore.exe
984	iexplore.exe
984	iexplore.exe
984	iexplore.exe
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
984	iexplore.exe
984	iexplore.exe
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE

Suspicious use of SendNotifyMessage 153 IoCs

pid	Process
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Active Setup\Installed Components	Explorer.EXE

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 1756	984	iexplore.exe	30
PID 984 wrote to memory of 1756	984	iexplore.exe	30
PID 984 wrote to memory of 1756	984	iexplore.exe	30
PID 984 wrote to memory of 1756	984	iexplore.exe	30
PID 1776 wrote to memory of 1840	1776	WerFault.exe	32
PID 1776 wrote to memory of 1840	1776	WerFault.exe	32
PID 1776 wrote to memory of 1840	1776	WerFault.exe	32
PID 1840 wrote to memory of 1156	1840	Explorer.EXE	37
PID 1840 wrote to memory of 1156	1840	Explorer.EXE	37
PID 1840 wrote to memory of 1156	1840	Explorer.EXE	37

Modifies service 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\Shas	Explorer.EXE
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\NapAgent\Qecs	Explorer.EXE

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90328a111e42d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "100000"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "298884938"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Toolbar	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "75000"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39150791-AE11-11EA-B800-6AF3B8BE5B02} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Zoom\ZoomFactor = "50000"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007cf8d5bd09b0364592b95b96ab312388000000000200000000001066000000010000200000005e2928cf8bda59df2938c6d5858d2fbd3f7c49b6312bc79c2d08da273ad94e13000000000e80000000020000200000004fa69353d74f87d76d96236045ac73d4bfad438c9aadb2aedcfb02eb7779731890000000df5ad102d53014182b468ea6451378bc091df3dce5bf7174f4b7d47f13f70d980f87eb9ef454ab702f0edb35ce99a005a40037d1b0295642804442e363028fa9fea7e74d4b340878fe1e684c383a0a7425bd17b0d6b62aea8e9fe000fe3db75dee20fb324aa3980b4f62a02c123bfaf1e212ff806f9980da4aebf8242775fe4ffde9135c6af4a987f776e6f67ec419d64000000056072ce568327d5f5e4fe1b714f1186cbc0b832b675afc2938ce4b6c05299f3cd28058668ccfcdf874780d8bc912ddf9c2a23216b0b5dfb599965e423f7b0a1c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007cf8d5bd09b0364592b95b96ab312388000000000200000000001066000000010000200000007dd74380d984eaec1f4283ba9ee98354f7acc4d09a32a2eae1a404a3071857bf000000000e800000000200002000000011c8c1d239698998e574bbd825b7c6dcffe5a23ceff4d10aa03e143a45684b0f20000000bee20ef7074e4e46f90db6f49e5df24835bdd1297593683d386492d6e3286d894000000024ce1a3339fc787e2719ed0d1da1489c59dd986018583691fe5e5daeceddd5e6087d73a1d0fc7f1532d9fc1e0fa2614e3420a1795e01346d4bac8c0cead8d817	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\syswow64\drivers\gmreadme.txt	github.exe
File opened for modification	\??\c:\windows\system32\drivers\gmreadme.txt	github.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Explorer.EXE

Modifies registry class 122 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Rev = "0"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 9e0000001a00eebbfe23000010000aab12216ac8fe4fa3680de96e47012e00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbea7722a3ffa99db4da5a8c604edf61d6b8207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "3"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_Classes\Local Settings	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Rev = "0"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a00000002e37a3569cced2119f0e006097c686f602000000780000002e37a3569cced2119f0e006097c686f604000000800000002e37a3569cced2119f0e006097c686f60700000028000000e0859ff2f94f6810ab9108002b27b3d90200000090000000	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Rev = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\LogicalViewMode = "2"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\MRUListEx = ffffffff	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\TV_FolderType = "{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\TV_TopViewVersion = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByKey:PID = "0"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 03000000020000000000000001000000ffffffff	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Vid = "{0057D0E0-3573-11CF-AE69-08002B2E1262}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000000000001000000ffffffff	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\FFlags = "1092616209"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000030000000200000001000000ffffffff	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a0000000e0859ff2f94f6810ab9108002b27b3d9050000005800000030f125b7ef471a10a5f102608c9eebac0c00000050000000920444648b4cd1118b70080036b11a030900000060000000	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3\NodeSlot = "6"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\TV_TopViewVersion = "0"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "96"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Rev = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\FFlags = "1092616193"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\TV_FolderType = "{631958A6-AD0F-4035-A745-28AC066DC6ED}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByDirection = "1"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 9e0000001a00eebbfe23000010002f921e494356f44aa7eb4e7a138d817400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbea65819630fad3540a74528ac066dc6ed8207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "1"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupView = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3 = 9e0000001a00eebbfe23000010009fae90a93ba0804e94bc9912d750410400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbeebaa2b0b4200ca4daa4d3ee8648d03e58207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "3"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\Mode = "6"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\TV_TopViewVersion = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\TV_TopViewVersion = "0"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "3"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\IconSize = "48"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{C4D98F09-6124-4FE0-9942-826416082DA9}\Rev = "0"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 01000000000000000300000002000000ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{3F2A72A7-99FA-4DDB-A5A8-C604EDF61D6B}	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\{631958A6-AD0F-4035-A745-28AC066DC6ED}	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\TV_FolderType = "{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}"	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Explorer.EXE

Suspicious use of AdjustPrivilegeToken 53 IoCs

description	pid	Process
Token: SeDebugPrivilege	1776	WerFault.exe
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeSecurityPrivilege	1840	Explorer.EXE
Token: SeTakeOwnershipPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeSecurityPrivilege	1840	Explorer.EXE
Token: SeTakeOwnershipPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeSecurityPrivilege	1840	Explorer.EXE
Token: SeTakeOwnershipPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE
Token: SeShutdownPrivilege	1840	Explorer.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe
1776	WerFault.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1840	Explorer.EXE

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
984	iexplore.exe
984	iexplore.exe
1756	IEXPLORE.EXE
1756	IEXPLORE.EXE
1756	IEXPLORE.EXE
1756	IEXPLORE.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE
1840	Explorer.EXE

Drops file in System32 directory 182 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\homebasice\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\professionaln\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\locationnotificationsview.xml	github.exe
File opened for modification	\??\c:\windows\system32\migwiz\migapp.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\homebasice\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\config\security.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\ultimatee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\ultimaten\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\professionale\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\enterprisee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnep002.inf_amd64_neutral_efc4a7485b172c07\amd64\ep0sbt00.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\enterprisee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\homepremiumn\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\startere\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky008.inf_amd64_neutral_9f6abc54cbf095f2\amd64\kyw7qur7.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\homebasic\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\homebasicn\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\ultimate\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\ime\imejp10\applets\imjpclst.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\tsprint.inf_amd64_neutral_c48d421ad2c1e3e3\tsprint-pipelineconfig.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\enterprisee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\msdtc\msdtc.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\enterprisen\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\starter\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\windowspowershell\v1.0\examples\profile.ps1	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\homepremiumn\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\professionaln\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnhp005.inf_amd64_neutral_914d6c300207814f\amd64\hp6000at.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky002.inf_amd64_neutral_525d9740c77e325f\amd64\kyw7qury.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\enterprisee\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\ultimate\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\professional\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\wbem\xsl-mappings.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\enterprise\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\homebasice\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\catroot2\dberr.txt	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\enterprise\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\homepremiume\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\windowspowershell\v1.0\modules\troubleshootingpack\en-us\microsoft.windows.diagnosis.troubleshootingpack.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\enterprise\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\enterprisen\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\professionale\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\sysprep\panther\ie\diagerr.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\homepremiume\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\homepremiumn\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\startern\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnhp002.inf_amd64_neutral_04d05d1f6a90ea24\amd64\hpc1rwsl.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\startere\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\enterprise\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\ultimatee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\ultimatee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnep00l.inf_amd64_neutral_f1fa021d2221e2c7\amd64\ep0lvf00.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky005.inf_amd64_neutral_8836be987024e6a9\amd64\kyw7qur3.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\homebasice\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky009.inf_amd64_neutral_8e54c9ff272b72f1\amd64\kyw7qur8.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\starter\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\ultimate\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\ime\imejp10\applets\imjpclst.xml	github.exe
File opened for modification	\??\c:\windows\system32\windowspowershell\v1.0\modules\bitstransfer\en-us\about_bits_cmdlets.help.txt	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\professional\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\starter\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\config\system.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\homepremium\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\startere\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\icsxml\cmnicfg.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\printing_admin_scripts\en-us\prncnfg.vbs	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\enterprisee\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\enterprisee\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnhp003.inf_amd64_neutral_4480210763997eb4\amd64\hpah470t.xml	github.exe
File opened for modification	\??\c:\windows\system32\smi\store\machine\schema.dat.log	github.exe
File opened for modification	\??\c:\windows\system32\sysprep\panther\ie\setupact.log	github.exe
File opened for modification	\??\c:\windows\system32\windowspowershell\v1.0\modules\applocker\en-us\microsoft.security.applicationid.policymanagement.cmdlets.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\ultimatee\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\recovery\reagent.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\wcn\en-us\add_a_device_or_computer_to_a_network_usb.rtf	github.exe
File opened for modification	\??\c:\windows\system32\config\sam.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\homebasic\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\oobe\en-us\help_what_is_activation.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\professionaln\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\homebasice\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky004.inf_amd64_neutral_5db759db19acd3ae\amd64\kyw7qur4.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\enterprisen\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\homepremiume\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\homebasic\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\windowspowershell\v1.0\examples\profile.ps1	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnrc00a.inf_amd64_neutral_565c5d04cc520c48\amd64\ricfg7.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\startern\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\homebasic\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\professionaln\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\icsxml\cmnicfg.xml	github.exe
File opened for modification	\??\c:\windows\system32\printing_admin_scripts\en-us\prncnfg.vbs	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\homepremium\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\migwiz\postmigres\web\base_images\appinstalled.gif	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky003.inf_amd64_neutral_fe7ea176f20ab839\amd64\kyw7qur2.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\professional\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\professional\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\professionaln\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\migwiz\migapp.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnrc00c.inf_amd64_neutral_53a58f4fd7d88575\amd64\ricfg7.xml	github.exe
File opened for modification	\??\c:\windows\system32\recovery\reagent.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\professional\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\erofflps.txt	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\startere\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\migwiz\postmigres\web\reportapi.js	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\starter\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\homepremium\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\ultimaten\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\enterprisen\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\ultimate\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\homebasicn\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\ultimaten\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\homebasicn\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnhp004.inf_amd64_neutral_53f688945cfc24cc\amd64\hpb8500t.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\ultimaten\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\professionale\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\startern\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\config\components.log	github.exe
File opened for modification	\??\c:\windows\system32\config\default.log	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky007.inf_amd64_neutral_e637699044f367f3\amd64\kyw7qur6.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\professional\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\homepremiumn\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\homebasicn\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\startern\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\windowspowershell\v1.0\en-us\default.help.txt	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\starter\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\homepremium\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\windowspowershell\v1.0\modules\troubleshootingpack\en-us\microsoft.windows.diagnosis.troubleshootingpack.dll-help.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\starter\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\homepremiumn\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\migwiz\postmigres\web\reportapi.js	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\erofflps.txt	github.exe
File opened for modification	\??\c:\windows\system32\gathernetworkinfo.vbs	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\homepremium\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\professionale\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\ultimaten\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\wbem\xsl-mappings.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnts002.inf_amd64_neutral_ad2aa922aa11af2c\amd64\tsmpu002.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\windowspowershell\v1.0\en-us\default.help.txt	github.exe
File opened for modification	\??\c:\windows\system32\config\software.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\homepremiume\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\homepremium\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\professionale\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\startern\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\restore\machineguid.txt	github.exe
File opened for modification	\??\c:\windows\system32\sysprep\panther\ie\diagwrn.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\homebasic\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\amd64\cnbx4pipelineconfig.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnky006.inf_amd64_neutral_522043c34551b0c0\amd64\kyw7qur5.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnts003.inf_amd64_neutral_33a68664c7e7ae4b\amd64\tsmxu003.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\professionale\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\migwiz\postmigres\data\hardwarevendors.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\ultimate\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\ultimatee\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\homebasic\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\migwiz\postmigres\web\base_images\appinstalled.gif	github.exe
File opened for modification	\??\c:\windows\syswow64\windowspowershell\v1.0\modules\bitstransfer\en-us\about_bits_cmdlets.help.txt	github.exe
File opened for modification	\??\c:\windows\system32\config\systemprofile\ntuser.dat.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\professionaln\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\migwiz\postmigres\data\hardwarevendors.xml	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\startern\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\homebasicn\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\enterprisen\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\enterprise\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\homebasice\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\wcn\en-us\add_a_device_or_computer_to_a_network_usb.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\eval\enterprisen\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\config\bcd-template.log	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\homepremiumn\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\startere\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\oem\homebasicn\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\_default\homepremiume\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\sysprep\panther\ie\setuperr.log	github.exe
File opened for modification	\??\c:\windows\system32\wbem\performance\wmiaprpl.h	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\startere\license.rtf	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnkm003.inf_amd64_neutral_48652cda3bb15180\amd64\koc353x.xml	github.exe
File opened for modification	\??\c:\windows\system32\driverstore\filerepository\prnsa002.inf_amd64_neutral_d9df1d04d8cbe336\amd64\smc350u.xml	github.exe
File opened for modification	\??\c:\windows\system32\en-us\licenses\eval\ultimate\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\ultimatee\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\oem\ultimaten\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\enterprise\license.rtf	github.exe
File opened for modification	\??\c:\windows\syswow64\en-us\licenses\_default\homepremiume\license.rtf	github.exe

C:\Users\Admin\AppData\Local\Temp\github.exe
"C:\Users\Admin\AppData\Local\Temp\github.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Drops file in Drivers directory
- Drops file in System32 directory
PID:272

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1876

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\Read-me! 0 .html
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
- Modifies Internet Explorer settings
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Checks whether UAC is enabled
  - Suspicious use of SetWindowsHookEx
  PID:1756

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1216 -s 2580
1⤵
- Program crash
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:1776
- C:\Windows\Explorer.EXE
  "C:\Windows\Explorer.EXE"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Modifies Installed Components in the registry
  - Suspicious use of WriteProcessMemory
  - Modifies service
  - Modifies Internet Explorer settings
  - Checks whether UAC is enabled
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1840
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    3⤵
    PID:1156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/984-10-0x0000000004370000-0x0000000004371000-memory.dmp

Filesize
4KB

Download
memory/984-6-0x0000000004370000-0x0000000004371000-memory.dmp

Filesize
4KB

Download
memory/984-4-0x0000000004080000-0x0000000004081000-memory.dmp

Filesize
4KB

Download
memory/984-8-0x0000000004370000-0x0000000004371000-memory.dmp

Filesize
4KB

Download
memory/1776-1-0x0000000003270000-0x0000000003281000-memory.dmp

Filesize
68KB

Download
memory/1776-0-0x0000000001D80000-0x0000000001D91000-memory.dmp

Filesize
68KB

Download
memory/1840-142-0x000000000A290000-0x000000000A294000-memory.dmp

Filesize
16KB

Download
memory/1840-102-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

Filesize
4KB

Download
memory/1840-98-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/1840-28-0x00000000044A0000-0x00000000044A1000-memory.dmp

Filesize
4KB

Download
memory/1840-143-0x000000000A290000-0x000000000A294000-memory.dmp

Filesize
16KB

Download
memory/1840-144-0x000000000A290000-0x000000000A294000-memory.dmp

Filesize
16KB

Download
memory/1840-145-0x000000000A290000-0x000000000A294000-memory.dmp

Filesize
16KB

Download
memory/1840-146-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/1840-147-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/1840-152-0x0000000005000000-0x0000000005001000-memory.dmp

Filesize
4KB

Download
memory/1840-159-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download
memory/1840-160-0x0000000005030000-0x0000000005031000-memory.dmp

Filesize
4KB

Download