Malware Analysis Report

2024-11-30 13:31

Sample ID: 240604-q1g1tahh62
Target: q.exe
SHA256: 5ed2589adefe4af1d23cdc010f5ec0977ba2e75ce3f69a52d4677cfab0016ab0
Tags: pyinstaller, discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: 5ed2589adefe4af1d23cdc010f5ec0977ba2e75ce3f69a52d4677cfab0016ab0

Threat Level: Shows suspicious behavior

The file q.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller discovery

Loads dropped DLL

Modifies file permissions

Detects Pyinstaller

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-04 13:43

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-04 13:43
Reported: 2024-06-04 13:44
Platform: win10-20240404-en
Max time kernel: 56s
Max time network: 63s

Command Line

"C:\Users\Admin\AppData\Local\Temp\q.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\q.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4364 wrote to memory of 1848 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Users\Admin\AppData\Local\Temp\q.exe
PID 1848 wrote to memory of 4396 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 4712 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 3568 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 200 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 4880 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 316 wrote to memory of 3212 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zG.exe
PID 4712 wrote to memory of 68 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 1848 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 508 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 3488 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 1500 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 1796 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 216 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 3312 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1848 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\q.exe

"C:\Users\Admin\AppData\Local\Temp\q.exe"

C:\Users\Admin\AppData\Local\Temp\q.exe

"C:\Users\Admin\AppData\Local\Temp\q.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe

"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Program Files\Internet Explorer\ExtExport.exe

"C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Java\jdk-1.8\bin\javac.exe

"C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Program Files\Internet Explorer\ielowutil.exe

"C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\javah.exe

"C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe

"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff6f5117688,0x7ff6f5117698,0x7ff6f51176a8

C:\Program Files\Java\jre-1.8\bin\orbd.exe

"C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Program Files\Java\jre-1.8\bin\pack200.exe

"C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Program Files\Java\jre-1.8\bin\policytool.exe

"C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Program Files\Java\jre-1.8\bin\ktab.exe

"C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Program Files\Java\jre-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Program Files\Java\jre-1.8\bin\kinit.exe

"C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Program Files\Java\jre-1.8\bin\rmid.exe

"C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Program Files\Java\jre-1.8\bin\servertool.exe

"C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Program Files\Java\jre-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Program Files\Java\jre-1.8\bin\unpack200.exe

"C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe

"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

"C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\misc.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Program Files\Java\jre-1.8\bin\keytool.exe

"C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe

"C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe

"C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Program Files\Java\jdk-1.8\bin\serialver.exe

"C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Program Files\Java\jdk-1.8\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

"C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Program Files\Java\jdk-1.8\bin\xjc.exe

"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Program Files\Common Files\microsoft shared\ink\mip.exe

"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd9cb39758,0x7ffd9cb39768,0x7ffd9cb39778

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe

"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpUXSrv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCuiL.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MsMpEng.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\NisSrv.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wabmig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\WinMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmprph.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Builder3D.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\AppxClickHandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.ResourceResolver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Solitaire.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteim.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\PeopleApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\PurchaseApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Time.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\WindowsCamera.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxAccounts.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\PilotshubApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Maps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\SoundRec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.App.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\XboxApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\GameBar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\XboxIdp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\SpeechToTextOverlay64-Retail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Music.UI.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Video.UI.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Install\{16192F7A-F8D4-4DCE-BE88-BF122FCFADB8}\chrome_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\WinMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmprph.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

"C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd9cb39758,0x7ffd9cb39768,0x7ffd9cb39778

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Program Files\Java\jdk-1.8\bin\jar.exe

"C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\bin\javap.exe

"C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Program Files\Java\jdk-1.8\bin\jps.exe

"C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

"C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Program Files\Internet Explorer\iediagcmd.exe

"C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Program Files\Internet Explorer\ieinstal.exe

"C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jre-1.8\bin\klist.exe

"C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Java\jre-1.8\bin\jjs.exe

"C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff689cc7688,0x7ff689cc7698,0x7ff689cc76a8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Users\Admin\AppData\Local\Temp\7z7306E25C\Uninst.exe

C:\Users\Admin\AppData\Local\Temp\7z7306E25C\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd9cb39758,0x7ffd9cb39768,0x7ffd9cb39778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Windows Defender\MsMpEng.exe

"C:\Program Files\Windows Defender\MsMpEng.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

"C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Program Files\Windows Media Player\wmpconfig.exe

"C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Program Files\Windows Mail\wabmig.exe

"C:\Program Files\Windows Mail\wabmig.exe"

C:\Program Files\Windows Media Player\wmpshare.exe

"C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Program Files\Windows Defender\MSASCui.exe

"C:\Program Files\Windows Defender\MSASCui.exe"

C:\Program Files\Windows NT\Accessories\wordpad.exe

"C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe

"C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"

C:\Program Files\Windows Photo Viewer\ImagingDevices.exe

"C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Program Files\Windows Media Player\wmplayer.exe

"C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"

C:\Program Files\Windows Media Player\setup_wm.exe

"C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Program Files\Windows Defender\MSASCuiL.exe

"C:\Program Files\Windows Defender\MSASCuiL.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Program Files\Windows Defender\MpCmdRun.exe

"C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\bin\wsimport.exe

"C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Program Files\Java\jdk-1.8\bin\schemagen.exe

"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Program Files\Java\jdk-1.8\bin\wsgen.exe

"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Program Files\Java\jdk-1.8\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Program Files\Java\jre-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Program Files\Microsoft Office\root\Office16\msoev.exe

"C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Program Files\Microsoft Office\root\Office16\msotd.exe

"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe

"C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

"C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

"C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

"C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

"C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

"C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

"C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Program Files\Mozilla Firefox\private_browsing.exe

"C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Program Files\VideoLAN\VLC\uninstall.exe

"C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\java.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\java.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Program Files\Mozilla Firefox\updater.exe

"C:\Program Files\Mozilla Firefox\updater.exe"

C:\Program Files\Mozilla Firefox\pingsender.exe

"C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

C:\Program Files\Windows Mail\wab.exe

"C:\Program Files\Windows Mail\wab.exe"

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"

C:\Program Files\Windows Defender\NisSrv.exe

"C:\Program Files\Windows Defender\NisSrv.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaws.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaws.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe

"C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"

C:\Program Files\Windows Media Player\wmprph.exe

"C:\Program Files\Windows Media Player\wmprph.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe"

C:\Program Files (x86)\Windows Media Player\wmprph.exe

"C:\Program Files (x86)\Windows Media Player\wmprph.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Program Files (x86)\Windows Mail\wabmig.exe

"C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Program Files (x86)\Google\Update\Install\{16192F7A-F8D4-4DCE-BE88-BF122FCFADB8}\chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{16192F7A-F8D4-4DCE-BE88-BF122FCFADB8}\chrome_installer.exe"

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

"C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaw.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Windows Media Player\wmpshare.exe

"C:\Program Files (x86)\Windows Media Player\wmpshare.exe"

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

"C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Program Files\Windows Defender\MpUXSrv.exe

"C:\Program Files\Windows Defender\MpUXSrv.exe"

C:\Program Files (x86)\Windows Media Player\wmlaunch.exe

"C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"

C:\Program Files\Windows Media Player\wmlaunch.exe

"C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Program Files\Mozilla Firefox\plugin-container.exe

"C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe

"C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Program Files (x86)\Windows Media Player\wmpconfig.exe

"C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Program Files (x86)\Windows Mail\WinMail.exe

"C:\Program Files (x86)\Windows Mail\WinMail.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\34ed9bf7cd10492eb5c69466d73e1acc /t 10456 /p 5600

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9592.0.709118382\141297903" -parentBuildID 20221007134813 -prefsHandle 1596 -prefMapHandle 1608 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93fc62bd-c05d-4efc-9835-4578f4237459} 9592 "\\.\pipe\gecko-crash-server-pipe.9592" 1704 2dae1a0a758 gpu

C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe

"C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe" -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9592.1.1416453778\1400412896" -parentBuildID 20221007134813 -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d66dcda-6e84-443d-b369-e0f4186895d0} 9592 "\\.\pipe\gecko-crash-server-pipe.9592" 2124 2dae09e6b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9592.2.2116185215\178099824" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2588 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f8b4fc7-1146-4593-a36b-0831ebd5476a} 9592 "\\.\pipe\gecko-crash-server-pipe.9592" 2520 2dae4082e58 tab

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Windows\system32\dxdiag.exe

"C:\Windows\system32\dxdiag.exe" /x C:\Users\Admin\AppData\Local\Temp\dxdiag.xml

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\PrintDialog\PrintDialog.exe

"C:\Windows\PrintDialog\PrintDialog.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe

"C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe"

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe"

C:\Windows\hh.exe

"C:\Windows\hh.exe" C:\Program Files\7-Zip\7-zip.chm

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Program Files\Windows NT\Accessories\wordpad.exe

"C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\secpol.msc" /s

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:82945 /prefetch:2

C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE

"C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9592.3.469121643\2047315548" -childID 2 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d59b2ac7-e6fb-487d-adeb-3b8594e6dd82} 9592 "\\.\pipe\gecko-crash-server-pipe.9592" 3388 2dae5fc1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9592.4.1519966450\378571192" -childID 3 -isForBrowser -prefsHandle 4280 -prefMapHandle 4268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 896 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f79b0da-950f-4d81-b9b8-aa96c1391f8b} 9592 "\\.\pipe\gecko-crash-server-pipe.9592" 4276 2dad6858758 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffd9cb39758,0x7ffd9cb39768,0x7ffd9cb39778

C:\Windows\System32\Control.exe

"C:\Windows\System32\Control.exe"

C:\Program Files\Microsoft Office\root\Office16\msoev.exe

"C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"

C:\Windows\system32\WFS.exe

"C:\Windows\system32\WFS.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\WF.msc"

C:\Windows\system32\iscsicpl.exe

"C:\Windows\system32\iscsicpl.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\comexp.msc"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\perfmon.msc" /s

C:\Windows\MiracastView\MiracastView.exe

"C:\Windows\MiracastView\MiracastView.exe"

C:\Windows\system32\odbcad32.exe

"C:\Windows\system32\odbcad32.exe"

C:\Windows\system32\msconfig.exe

"C:\Windows\system32\msconfig.exe"

C:\Windows\system32\mstsc.exe

"C:\Windows\system32\mstsc.exe"

C:\Windows\system32\perfmon.exe

"C:\Windows\system32\perfmon.exe" /res

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" -Embedding

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"

C:\Windows\system32\quickassist.exe

"C:\Windows\system32\quickassist.exe"

C:\Program Files\Microsoft Office\root\Office16\msotd.exe

"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

C:\Windows\system32\msinfo32.exe

"C:\Windows\system32\msinfo32.exe"

C:\Windows\system32\SnippingTool.exe

"C:\Windows\system32\SnippingTool.exe"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe" -tab update

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\VideoLAN\VLC\NEWS.txt

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\printmanagement.msc"

C:\Windows\system32\psr.exe

"C:\Windows\system32\psr.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s

C:\Windows\system32\xpsrchvw.exe

"C:\Windows\system32\xpsrchvw.exe"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe" -tab about

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\579aa06252af411e862576105292af36 /t 11624 /p 7860

C:\Windows\system32\charmap.exe

"C:\Windows\system32\charmap.exe"

C:\Windows\system32\cleanmgr.exe

"C:\Windows\system32\cleanmgr.exe"

C:\Windows\syswow64\odbcad32.exe

"C:\Windows\syswow64\odbcad32.exe"

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" -Iskins

C:\Windows\Speech\Common\sapisvr.exe

"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s

C:\Windows\system32\dfrgui.exe

"C:\Windows\system32\dfrgui.exe"

C:\Windows\system32\MdSched.exe

"C:\Windows\system32\MdSched.exe"

C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE

"C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 12336 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 10196 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel -tab update

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 12336 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 10196 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel -tab about

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1824 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1852,i,9041514108382424467,16563854772380947399,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1852,i,9041514108382424467,16563854772380947399,131072 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 57DD30B26D16B22557DD190BD1CB3D8D

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1848,i,14779217899385164451,2427869900980964116,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 --field-trial-handle=1848,i,14779217899385164451,2427869900980964116,131072 /prefetch:8

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1864,i,13470552244960290100,18359772955313595656,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1864,i,13470552244960290100,18359772955313595656,131072 /prefetch:8

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe /peruser /childprocess

C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe

"C:\Windows\system32\Speech\SpeechUX\SpeechUXWiz.exe" UserEnrollment,en-US,HKEY_CURRENT_USER\SOFTWARE\Microsoft\Speech\RecoProfiles\Tokens\{6CA7FDCF-6C3B-4957-9CF4-68549E61B370},65552,0,""

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4444 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2648 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /t "C:\Program Files\Microsoft Office\Root\Office16\1033\TelemetryLog.xltx" /x

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /t "C:\Program Files\Microsoft Office\Root\Office16\1033\TelemetryDashboard.xltx" /x

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x418

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=2176,i,9829872980360646873,8563436819910047454,131072 /prefetch:8

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43642\python312.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43642\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43642\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI43642\_socket.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\_hashlib.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\_decimal.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\unicodedata.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\select.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43642\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

memory/4480-34-0x0000000000010000-0x000000000001E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8f3843a9da63a7c396a894b5865b2f67
SHA1 2e7f9776d1ba8b15aea00d84eff977929ed70022
SHA256 76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a
SHA512 06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

memory/2300-214-0x00000158629E0000-0x00000158629E1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 c9c30acbdec52ad6cbfc26a0cbd47e5a
SHA1 f8c13da5d75c09b97c8580ddd9346d8fefe61770
SHA256 eeb759cb04adb775f65b4fc141e354dd38775df45c239131a2384192b8e36569
SHA512 8eff78d891ae4e1b6299223c77cca82438d423c62a11c5de0f720e26ff1dc53fb61aa268d1d9eaac940be4f2411e8bb270271535a70af5d2deb3fa3437ba476b

memory/5388-219-0x000002A5AEA30000-0x000002A5AEA31000-memory.dmp

memory/3516-213-0x00000268B3900000-0x00000268B3901000-memory.dmp

memory/5524-232-0x0000022EFDE80000-0x0000022EFDE81000-memory.dmp

memory/4536-308-0x000001300DBC0000-0x000001300DBC1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 e5d8de39f83709963e906a314d11930b
SHA1 693113c6928a9ca202cdab4eb383ec819addc306
SHA256 ed88cc1c8d8194fefebd571c0cfea90d87df9322c80977f0635b85c67ece1668
SHA512 affd0060497ebf93003a6952ade5b4519138aed0734abd38aaac92b2e072fd2d60f273ba8652f94c45c6ccb1c811cf546306fa9dc6c6e9f2ea0f03e3f8b93e01

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 a192a14db243b81350bdf2b28d29418b
SHA1 a680f0719c1a8c11c0d8f10057c374c34f8af69e
SHA256 5564afa41a52c8636a68957cbb2116ee706159e6abad1b88eb23ab1bd99ac332
SHA512 47e660399d4f97c9cbc416a7c5e04c6d46a57ece60c2b08c28a4f861c410767eba3033c30c00d1ecad8388d031c4f7bf13984abc98291f8ec90f438e256c244d

memory/5436-350-0x000001EBD9420000-0x000001EBD9421000-memory.dmp

memory/5700-344-0x000001CED36C0000-0x000001CED36C1000-memory.dmp

memory/4252-343-0x000001867A2E0000-0x000001867A2E1000-memory.dmp

memory/5632-342-0x000002A1B9C00000-0x000002A1B9C01000-memory.dmp

memory/5280-341-0x000001852F640000-0x000001852F641000-memory.dmp

memory/5328-359-0x000001DC96AE0000-0x000001DC96AE1000-memory.dmp

memory/9932-340-0x000001FFD98B0000-0x000001FFD98B8000-memory.dmp

memory/5256-355-0x000001B86E0C0000-0x000001B86E0C1000-memory.dmp

memory/3516-317-0x00000268B3900000-0x00000268B3901000-memory.dmp

memory/5224-346-0x00000235282B0000-0x00000235282B1000-memory.dmp

memory/2300-345-0x00000158629E0000-0x00000158629E1000-memory.dmp

memory/4684-322-0x000002A394AD0000-0x000002A394AD1000-memory.dmp

memory/1756-367-0x000001EE78A60000-0x000001EE78A61000-memory.dmp

memory/5240-378-0x00000170F9280000-0x00000170F9281000-memory.dmp

memory/10192-372-0x00007FFD6A650000-0x00007FFD6A660000-memory.dmp

memory/10192-370-0x00007FFD6A650000-0x00007FFD6A660000-memory.dmp

memory/2300-369-0x00000158629E0000-0x00000158629E1000-memory.dmp


