Analysis Overview
SHA256
f9e5e1df07eb55a62dbee2ac0188c4b0497f3878219059b2a65c13701529c744
Threat Level: Shows suspicious behavior
The file q.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Registers COM server for autorun
Modifies file permissions
Executes dropped EXE
Loads dropped DLL
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 13:50
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 13:50
Reported
2024-06-04 13:53
Platform
win10-20240404-en
Max time kernel
3s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\q.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\q.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_01" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_03" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_23" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.0_04" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_22" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.0_05" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_07" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_01" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_22" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\ = "Java Plug-in 1.3.0_02" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_06" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe | N/A |
| N/A | N/A | C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\q.exe
"C:\Users\Admin\AppData\Local\Temp\q.exe"
C:\Users\Admin\AppData\Local\Temp\q.exe
"C:\Users\Admin\AppData\Local\Temp\q.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\DismountBackup.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778
C:\Program Files\Internet Explorer\ieinstal.exe
"C:\Program Files\Internet Explorer\ieinstal.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff662e17688,0x7ff662e17698,0x7ff662e176a8
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"
C:\Program Files\7-Zip\Uninstall.exe
"C:\Program Files\7-Zip\Uninstall.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"
C:\Program Files\Common Files\microsoft shared\ink\mip.exe
"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"
C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java.exe"
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"
C:\Program Files\Java\jdk-1.8\bin\jstack.exe
"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe
"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"
C:\Program Files\Java\jdk-1.8\bin\keytool.exe
"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"
C:\Program Files\Java\jdk-1.8\bin\jstat.exe
"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"
C:\Program Files\Java\jdk-1.8\bin\kinit.exe
"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"
C:\Program Files\Java\jdk-1.8\bin\ktab.exe
"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"
C:\Program Files\Java\jdk-1.8\bin\klist.exe
"C:\Program Files\Java\jdk-1.8\bin\klist.exe"
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe
"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"
C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe
"C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"
C:\Program Files\Java\jdk-1.8\bin\schemagen.exe
"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"
C:\Program Files\Java\jdk-1.8\bin\servertool.exe
"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"
C:\Program Files\Java\jdk-1.8\bin\serialver.exe
"C:\Program Files\Java\jdk-1.8\bin\serialver.exe"
C:\Program Files\Java\jdk-1.8\bin\unpack200.exe
"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"
C:\Program Files\Java\jre-1.8\bin\jabswitch.exe
"C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"
C:\Program Files\Java\jre-1.8\bin\java-rmi.exe
"C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
C:\Program Files\Internet Explorer\iediagcmd.exe
"C:\Program Files\Internet Explorer\iediagcmd.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe
"C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"
C:\Program Files\Java\jdk-1.8\bin\orbd.exe
"C:\Program Files\Java\jdk-1.8\bin\orbd.exe"
C:\Program Files\Java\jdk-1.8\bin\pack200.exe
"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"
C:\Program Files\Java\jdk-1.8\bin\rmic.exe
"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"
C:\Program Files\Java\jdk-1.8\bin\policytool.exe
"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"
C:\Program Files\Java\jdk-1.8\bin\rmid.exe
"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"
C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe
C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe /N /D="C:\Program Files\7-Zip\"
C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe
"C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"
C:\Program Files\Java\jdk-1.8\bin\wsgen.exe
"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"
C:\Program Files\Java\jdk-1.8\bin\wsimport.exe
"C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"
C:\Program Files\Java\jdk-1.8\bin\xjc.exe
"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\java.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"
C:\Program Files\Java\jdk-1.8\bin\jar.exe
"C:\Program Files\Java\jdk-1.8\bin\jar.exe"
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"
C:\Program Files\Internet Explorer\ielowutil.exe
"C:\Program Files\Internet Explorer\ielowutil.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"
C:\Program Files\Java\jdk-1.8\bin\jps.exe
"C:\Program Files\Java\jdk-1.8\bin\jps.exe"
C:\Program Files\Internet Explorer\ExtExport.exe
"C:\Program Files\Internet Explorer\ExtExport.exe"
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe"
C:\Program Files\Java\jdk-1.8\bin\javac.exe
"C:\Program Files\Java\jdk-1.8\bin\javac.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff76dd87688,0x7ff76dd87698,0x7ff76dd876a8
C:\Program Files\Java\jdk-1.8\bin\javap.exe
"C:\Program Files\Java\jdk-1.8\bin\javap.exe"
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jdk-1.8\jre\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel
C:\Program Files\Java\jdk-1.8\bin\javah.exe
"C:\Program Files\Java\jdk-1.8\bin\javah.exe"
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778
C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main
C:\Windows\system32\dxdiag.exe
"C:\Windows\system32\dxdiag.exe" /x C:\Users\Admin\AppData\Local\Temp\dxdiag.xml
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:704 CREDAT:82945 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1808,i,1763004493103798826,14678414566664649849,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1800,i,343981427014570923,2616022874840194740,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1800,i,3358695664569048406,11683332378154179140,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1808,i,1763004493103798826,14678414566664649849,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1800,i,343981427014570923,2616022874840194740,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1800,i,3358695664569048406,11683332378154179140,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javacpl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jjs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\keytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\kinit.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\klist.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ktab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\orbd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\pack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\policytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmid.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\servertool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\unpack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoev.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoia.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msotd.exe"
C:\Program Files\Java\jre-1.8\bin\javacpl.exe
"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe"
C:\Program Files\Java\jre-1.8\bin\jjs.exe
"C:\Program Files\Java\jre-1.8\bin\jjs.exe"
C:\Program Files\Java\jre-1.8\bin\javaws.exe
"C:\Program Files\Java\jre-1.8\bin\javaws.exe"
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"
C:\Program Files\Java\jre-1.8\bin\keytool.exe
"C:\Program Files\Java\jre-1.8\bin\keytool.exe"
C:\Program Files\Java\jre-1.8\bin\kinit.exe
"C:\Program Files\Java\jre-1.8\bin\kinit.exe"
C:\Program Files\Java\jre-1.8\bin\klist.exe
"C:\Program Files\Java\jre-1.8\bin\klist.exe"
C:\Program Files\Java\jre-1.8\bin\ktab.exe
"C:\Program Files\Java\jre-1.8\bin\ktab.exe"
C:\Program Files\Java\jre-1.8\bin\orbd.exe
"C:\Program Files\Java\jre-1.8\bin\orbd.exe"
C:\Program Files\Java\jre-1.8\bin\pack200.exe
"C:\Program Files\Java\jre-1.8\bin\pack200.exe"
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe
"C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"
C:\Program Files\Microsoft Office\root\Office16\msotd.exe
"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"
C:\Program Files\Microsoft Office\root\Office16\msoia.exe
"C:\Program Files\Microsoft Office\root\Office16\msoia.exe"
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe
"C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"
C:\Program Files\Microsoft Office\root\Office16\msoev.exe
"C:\Program Files\Microsoft Office\root\Office16\msoev.exe"
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe
"C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"
C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe
"C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe
"C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"
C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe
"C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"
C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe
"C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"
C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe
"C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"
C:\Program Files\Java\jre-1.8\bin\policytool.exe
"C:\Program Files\Java\jre-1.8\bin\policytool.exe"
C:\Program Files\Java\jre-1.8\bin\tnameserv.exe
"C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"
C:\Program Files\Java\jre-1.8\bin\servertool.exe
"C:\Program Files\Java\jre-1.8\bin\servertool.exe"
C:\Program Files\Java\jre-1.8\bin\unpack200.exe
"C:\Program Files\Java\jre-1.8\bin\unpack200.exe"
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe
"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe
"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe
"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"
C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe
"C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe
"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"
C:\Program Files\Java\jre-1.8\bin\rmid.exe
"C:\Program Files\Java\jre-1.8\bin\rmid.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"
C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe
"C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\crashreporter.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\default-browser-agent.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\pingsender.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\plugin-container.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\private_browsing.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpUXSrv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCuiL.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\NisSrv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wabmig.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\WinMail.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\setup_wm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmlaunch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpconfig.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmplayer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmprph.exe"
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpshare.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Builder3D.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\AppxClickHandler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.ResourceResolver.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Solitaire.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteim.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteshare.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\PeopleApp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\PurchaseApp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Time.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\WindowsCamera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxAccounts.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxMail.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe"
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
OfficeC2RClient.exe /blockinstall
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\PilotshubApp.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"
C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe
"C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"
C:\Program Files\Windows Media Player\wmplayer.exe
"C:\Program Files\Windows Media Player\wmplayer.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"
C:\Program Files\Windows Defender\MpUXSrv.exe
"C:\Program Files\Windows Defender\MpUXSrv.exe"
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe"
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"
C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe
"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"
C:\Program Files\Mozilla Firefox\pingsender.exe
"C:\Program Files\Mozilla Firefox\pingsender.exe"
C:\Program Files\Mozilla Firefox\crashreporter.exe
"C:\Program Files\Mozilla Firefox\crashreporter.exe"
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe
"C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"
C:\Program Files\VideoLAN\VLC\uninstall.exe
"C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
C:\Program Files\Windows Photo Viewer\ImagingDevices.exe
"C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"
C:\Program Files\Mozilla Firefox\plugin-container.exe
"C:\Program Files\Mozilla Firefox\plugin-container.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe"
C:\Program Files\Mozilla Firefox\private_browsing.exe
"C:\Program Files\Mozilla Firefox\private_browsing.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
"C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MpCmdRun.exe
"C:\Program Files\Windows Defender\MpCmdRun.exe"
C:\Program Files\Windows Defender\MSASCuiL.exe
"C:\Program Files\Windows Defender\MSASCuiL.exe"
C:\Program Files\Windows Defender\NisSrv.exe
"C:\Program Files\Windows Defender\NisSrv.exe"
C:\Program Files\Windows Defender\MSASCui.exe
"C:\Program Files\Windows Defender\MSASCui.exe"
C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
"C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"
C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe
"C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"
C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe
"C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"
C:\Program Files\Windows Media Player\wmpshare.exe
"C:\Program Files\Windows Media Player\wmpshare.exe"
C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe"
C:\Program Files\Mozilla Firefox\updater.exe
"C:\Program Files\Mozilla Firefox\updater.exe"
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
"C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
C:\Program Files\Windows Media Player\wmlaunch.exe
"C:\Program Files\Windows Media Player\wmlaunch.exe"
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
"C:\Program Files\Mozilla Firefox\default-browser-agent.exe"
C:\Program Files\Mozilla Firefox\maintenanceservice.exe
"C:\Program Files\Mozilla Firefox\maintenanceservice.exe"
C:\Program Files\Windows NT\Accessories\wordpad.exe
"C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"
C:\Program Files\Windows Media Player\wmpconfig.exe
"C:\Program Files\Windows Media Player\wmpconfig.exe"
C:\Program Files\Windows Media Player\wmprph.exe
"C:\Program Files\Windows Media Player\wmprph.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"
C:\Program Files\Windows Mail\wabmig.exe
"C:\Program Files\Windows Mail\wabmig.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"
C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe
"C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe
"C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"
C:\Program Files\Windows Media Player\wmpnscfg.exe
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
C:\Program Files\Windows Media Player\setup_wm.exe
"C:\Program Files\Windows Media Player\setup_wm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3896 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Maps.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\SoundRec.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.App.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\XboxApp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\GameBar.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\XboxIdp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\SpeechToTextOverlay64-Retail.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Music.UI.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Video.UI.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Install\{B0E23D68-D2B9-47AC-9AA9-845E4FE2E1D3}\chrome_installer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ExtExport.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ieinstal.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ielowutil.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wabmig.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\WinMail.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmprph.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\java.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\java.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaw.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaw.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"
C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe
"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe
"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"
C:\Program Files (x86)\Google\Update\Install\{B0E23D68-D2B9-47AC-9AA9-845E4FE2E1D3}\chrome_installer.exe
"C:\Program Files (x86)\Google\Update\Install\{B0E23D68-D2B9-47AC-9AA9-845E4FE2E1D3}\chrome_installer.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"
C:\Program Files (x86)\Windows Mail\wab.exe
"C:\Program Files (x86)\Windows Mail\wab.exe"
C:\Program Files (x86)\Windows Mail\wabmig.exe
"C:\Program Files (x86)\Windows Mail\wabmig.exe"
C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files (x86)\Internet Explorer\ExtExport.exe
"C:\Program Files (x86)\Internet Explorer\ExtExport.exe"
C:\Program Files (x86)\Internet Explorer\ieinstal.exe
"C:\Program Files (x86)\Internet Explorer\ieinstal.exe"
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaws.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaws.exe"
C:\Program Files (x86)\Windows Media Player\wmlaunch.exe
"C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"
C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files (x86)\Windows Media Player\wmpshare.exe
"C:\Program Files (x86)\Windows Media Player\wmpshare.exe"
C:\Program Files (x86)\Windows Media Player\wmprph.exe
"C:\Program Files (x86)\Windows Media Player\wmprph.exe"
C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe
"C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"
C:\Program Files (x86)\Windows Mail\WinMail.exe
"C:\Program Files (x86)\Windows Mail\WinMail.exe"
C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
"C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"
C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
"C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe" -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\DismountBackup.lnk"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
C:\Program Files\7-Zip\Uninstall.exe
"C:\Program Files\7-Zip\Uninstall.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Program Files\Internet Explorer\ExtExport.exe
"C:\Program Files\Internet Explorer\ExtExport.exe"
C:\Program Files\Internet Explorer\iediagcmd.exe
"C:\Program Files\Internet Explorer\iediagcmd.exe"
C:\Program Files\Internet Explorer\ielowutil.exe
"C:\Program Files\Internet Explorer\ielowutil.exe"
C:\Program Files\Internet Explorer\ieinstal.exe
"C:\Program Files\Internet Explorer\ieinstal.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe
"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe
"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"
C:\Program Files\Java\jdk-1.8\bin\idlj.exe
"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"
C:\Program Files\Java\jdk-1.8\bin\jar.exe
"C:\Program Files\Java\jdk-1.8\bin\jar.exe"
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe
"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"
C:\Program Files\Java\jdk-1.8\bin\javac.exe
"C:\Program Files\Java\jdk-1.8\bin\javac.exe"
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe"
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe
"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe
"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"
C:\Program Files\Java\jdk-1.8\bin\javah.exe
"C:\Program Files\Java\jdk-1.8\bin\javah.exe"
C:\Program Files\Java\jdk-1.8\bin\javap.exe
"C:\Program Files\Java\jdk-1.8\bin\javap.exe"
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe
"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"
C:\Program Files\Java\jdk-1.8\bin\jjs.exe
"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe
"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe
"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe
"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"
C:\Program Files\Java\jdk-1.8\bin\jhat.exe
"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"
C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"
C:\Program Files\Common Files\microsoft shared\ink\mip.exe
"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"
C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"
C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
C:\Program Files\Java\jdk-1.8\bin\jdb.exe
"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe
"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javacpl.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaws.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jjs.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\keytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\kinit.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\klist.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ktab.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\orbd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\pack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\policytool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmid.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\servertool.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\unpack200.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoev.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoia.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msotd.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe"
C:\Program Files\Java\jdk-1.8\bin\jmap.exe
"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"
C:\Program Files\Java\jdk-1.8\bin\jps.exe
"C:\Program Files\Java\jdk-1.8\bin\jps.exe"
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe
"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe
"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"
C:\Program Files\Java\jdk-1.8\bin\keytool.exe
"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"
C:\Program Files\Java\jdk-1.8\bin\kinit.exe
"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"
C:\Program Files\Java\jdk-1.8\bin\rmic.exe
"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"
C:\Program Files\Java\jre-1.8\bin\policytool.exe
"C:\Program Files\Java\jre-1.8\bin\policytool.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe
"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"
C:\Program Files\Java\jdk-1.8\bin\jstack.exe
"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"
C:\Program Files\Java\jdk-1.8\bin\schemagen.exe
"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"
C:\Program Files\Java\jdk-1.8\bin\java.exe
"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Java\jdk-1.8\bin\wsgen.exe
"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"
C:\Program Files\Java\jre-1.8\bin\jjs.exe
"C:\Program Files\Java\jre-1.8\bin\jjs.exe"
C:\Program Files\Java\jre-1.8\bin\keytool.exe
"C:\Program Files\Java\jre-1.8\bin\keytool.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"
C:\Program Files\Java\jdk-1.8\bin\servertool.exe
"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe
"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"
C:\Program Files\Java\jdk-1.8\bin\pack200.exe
"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"
C:\Program Files\Java\jdk-1.8\bin\policytool.exe
"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"
C:\Program Files\Java\jdk-1.8\bin\jstat.exe
"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"
C:\Program Files\Java\jdk-1.8\bin\ktab.exe
"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"
C:\Program Files\Java\jre-1.8\bin\klist.exe
"C:\Program Files\Java\jre-1.8\bin\klist.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe
"C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"
C:\Program Files\Java\jre-1.8\bin\java-rmi.exe
"C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"
C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe
"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"
C:\Program Files\Java\jdk-1.8\bin\xjc.exe
"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"
C:\Program Files\Java\jre-1.8\bin\java.exe
"C:\Program Files\Java\jre-1.8\bin\java.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hl2rcv.adobe.com | udp |
| US | 192.147.130.244:443 | hl2rcv.adobe.com | tcp |
| US | 8.8.8.8:53 | 244.130.147.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 1.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| GB | 2.22.96.153:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.f.0.0.0.0.0.e.ip6.arpa | udp |
| US | 8.8.8.8:53 | 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 153.96.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.9.0.6.6.1.2.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.c.5.b.d.0.0.0.0.c.5.0.7.0.0.0.0.d.c.c.d.1.0.0.0.0.0.f.7.ip6.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.8.0.0.0.0.0.0.0.8.1.0.0.0.0.0.0.0.0.f.5.d.d.5.e.0.c.ip6.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 44.237.65.238:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.65.237.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 93.243.107.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.100.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | 191.144.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | prod.detectportal.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 82.221.107.34.in-addr.arpa | udp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.detectportal.prod.cloudops.mozgcp.net | udp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 34.107.221.82:80 | prod.detectportal.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | remoteassistance.support.services.microsoft.com | udp |
| GB | 23.49.163.97:443 | remoteassistance.support.services.microsoft.com | tcp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | 97.163.49.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | 251.0.0.224.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| NL | 23.62.61.184:443 | metadata.templates.cdn.office.net | tcp |
| GB | 52.109.32.7:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| NL | 23.62.61.184:443 | metadata.templates.cdn.office.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.61.62.23.in-addr.arpa | udp |
| GB | 23.49.163.97:443 | remoteassistance.support.services.microsoft.com | tcp |
| US | 8.8.8.8:53 | 7.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
| GB | 23.49.163.97:443 | remoteassistance.support.services.microsoft.com | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 202.138.73.23.in-addr.arpa | udp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| GB | 23.73.138.202:443 | binaries.templates.cdn.office.net | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI45122\python312.dll
| MD5 | 3c388ce47c0d9117d2a50b3fa5ac981d |
| SHA1 | 038484ff7460d03d1d36c23f0de4874cbaea2c48 |
| SHA256 | c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb |
| SHA512 | e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\base_library.zip
| MD5 | 8dad91add129dca41dd17a332a64d593 |
| SHA1 | 70a4ec5a17ed63caf2407bd76dc116aca7765c0d |
| SHA256 | 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783 |
| SHA512 | 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\select.pyd
| MD5 | 92b440ca45447ec33e884752e4c65b07 |
| SHA1 | 5477e21bb511cc33c988140521a4f8c11a427bcc |
| SHA256 | 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3 |
| SHA512 | 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\unicodedata.pyd
| MD5 | 16be9a6f941f1a2cb6b5fca766309b2c |
| SHA1 | 17b23ae0e6a11d5b8159c748073e36a936f3316a |
| SHA256 | 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04 |
| SHA512 | 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_decimal.pyd
| MD5 | 3055edf761508190b576e9bf904003aa |
| SHA1 | f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890 |
| SHA256 | e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577 |
| SHA512 | 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_bz2.pyd
| MD5 | 223fd6748cae86e8c2d5618085c768ac |
| SHA1 | dcb589f2265728fe97156814cbe6ff3303cd05d3 |
| SHA256 | f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb |
| SHA512 | 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_socket.pyd
| MD5 | dc06f8d5508be059eae9e29d5ba7e9ec |
| SHA1 | d666c88979075d3b0c6fd3be7c595e83e0cb4e82 |
| SHA256 | 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a |
| SHA512 | 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_lzma.pyd
| MD5 | 05e8b2c429aff98b3ae6adc842fb56a3 |
| SHA1 | 834ddbced68db4fe17c283ab63b2faa2e4163824 |
| SHA256 | a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c |
| SHA512 | badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3 |
C:\Users\Admin\AppData\Local\Temp\_MEI45122\_hashlib.pyd
| MD5 | eedb6d834d96a3dffffb1f65b5f7e5be |
| SHA1 | ed6735cfdd0d1ec21c7568a9923eb377e54b308d |
| SHA256 | 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2 |
| SHA512 | 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad |
memory/2396-28-0x0000000000EA0000-0x0000000000EAE000-memory.dmp
memory/964-30-0x000000001B270000-0x000000001B2D6000-memory.dmp
memory/964-32-0x0000000002800000-0x0000000002834000-memory.dmp
memory/964-31-0x00000000027B0000-0x00000000027E6000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 5bd603aa970502579fbc84e65f790849 |
| SHA1 | 73a4d8ae9944eccc6f00cf26d49d7e4a24a916a8 |
| SHA256 | 92436d46bd8230874ccca80b504d31b1952cbcafb0a8e40351ee9983a45eea53 |
| SHA512 | 0c1d1ed1999a413ddab7a7930b4b1c7643ce7e62a39a535034e01159f4ef3f467860cc2d8170c9c63305fd755157a1b67008a4eb2dd5a35af53323e4f22cd99e |
C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe
| MD5 | ad782ffac62e14e2269bf1379bccbaae |
| SHA1 | 9539773b550e902a35764574a2be2d05bc0d8afc |
| SHA256 | 1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8 |
| SHA512 | a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2 |
memory/5540-93-0x00007FF6A1E50000-0x00007FF6A1ED3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log
| MD5 | 4e94f228db2e2f8a6498a5d87866656f |
| SHA1 | c5c9851a1b554c04435d66c26ad0b86758d1232e |
| SHA256 | 587943fe005426ad5e53cfc8b0d687e8eb76708409dc94fecc3c9213b25a1998 |
| SHA512 | 6c60f81b420ef63a5b7d8b1cc85618b5291be1932955cb99d701472923922280c55ba1a56825e80c58f476a1c7b4d1217ac987f00f4344ef472de62315bd08bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | acdad9483d3f27ed7e86c7f0116d8ad9 |
| SHA1 | dd2cfd176ad33d12ba7e6d260e1069b1dd4490c4 |
| SHA256 | bff5b4fff4b34ed3ea2754985b5ba1a8d6921517b0fa370f71f37ee0845552ba |
| SHA512 | 6e3ab4b6cfa73a7ad3c36fa621b1d2817b26e8e3613b78a40df6691d65e1486e6c2281efa0f8d3f30d2c6647b7ba3430a8be77df770f1cc575e8db76be6836a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | f732dbed9289177d15e236d0f8f2ddd3 |
| SHA1 | 53f822af51b014bc3d4b575865d9c3ef0e4debde |
| SHA256 | 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93 |
| SHA512 | b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 887f1e9ea4ab2d2838055f91659daefd |
| SHA1 | 69585a2fb6a6586db44aa35c03a5e5af8ae8c251 |
| SHA256 | c515951a94f51d2a8e4fcc5118dce59dd4436021dfc2549cdf17208e65ada428 |
| SHA512 | 48d400bfa15af8c3b30246a41f13ce754aa778b239858ecfcd15450e09e4610163193e582b2d7f1012b06389fe5724cb8e19e5046485cbd45238017f3f922fdd |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | b4ae0c43c1384ec6fa598ebffc6962dc |
| SHA1 | a36a48e9920a7b0c35862026e01561c7f3ba5d7f |
| SHA256 | c128a221d96b7da86c410029d8c73fae3f9d5d77ef32be78a67d4c07ad37913c |
| SHA512 | 7c85f1e2b3e148ff623918a5bb3ed657e7f1cfabf90fc7a080f1fd56614004a71394390888a8ca6ec1f7a1bbdf68e72af28e50c343bbb5449b29e426961a3e13 |
memory/516-284-0x0000023BA8340000-0x0000023BA8341000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | afbdf1d3711afa11f990ec5f804fb723 |
| SHA1 | 5f62f6fedcebad7dd4df83b28340f5e074f84f11 |
| SHA256 | 15c4ed6448c7dd9c2c04c20eee5da17a227f624cb454db8ef46c2bb69c164ead |
| SHA512 | c6b7a6de0d67908a1a339e0be59cb4a554640bd13dacc4cdf13548fba7a4d84b5a7c1534a30f7889ac05142f7cb5ba3bf71c39e35883a79673ab57cdb4169f2a |
memory/2596-210-0x000001958BA70000-0x000001958BA71000-memory.dmp
memory/5300-313-0x000002A6AD3D0000-0x000002A6AD3D1000-memory.dmp
memory/5316-314-0x000001490D410000-0x000001490D411000-memory.dmp
memory/4992-260-0x0000025B18500000-0x0000025B18501000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 724940f0adc86d7a35c1d47c546b80aa |
| SHA1 | 46a842cd13646c92ae6859eaaa7bf6b874341b63 |
| SHA256 | 0769381204dea0501937698ae42e3eb875df8f97a63205858526ea8789dc4a33 |
| SHA512 | b8c5b43a35c68a8cb91a6ae3db466d55b7fbee13b8e7b331dd3404d3a727789a72a689af2598f5c5ac13cb6c74fa45842dabdee84adc0b2ead0b9e61c531c30f |
memory/5192-379-0x000002AB23B50000-0x000002AB23B51000-memory.dmp
memory/5136-410-0x000001FE7E790000-0x000001FE7E791000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 58d82a79edcd59e8f41fe18d93ead2d9 |
| SHA1 | ebc9b52360f8bd245fb8ccb4fe51568a29c11d3b |
| SHA256 | 133a4e59a8ce177b4992bb9aab4bdad69a237200ba3565deea437864d2630cc6 |
| SHA512 | 867c1d24b3142cf29963a5ab4698b7559dd6642bef492622628b272344cde3928d7ea98e8bd955d2d703ffdaabdaf536b08e774a8fa0bfb4e5832b9476f098b5 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | ef5ca915c52c9215c156f491846d53f2 |
| SHA1 | c7f086302e482b1036a27f57fb66c0db9adbf041 |
| SHA256 | f49aa9711d0a00a7cf5503881332c2d7e9e2c0d5cc2295b16e75d8797442e62e |
| SHA512 | 4fc74cbc152ddf1fd3975ae6a751c0d6697d8e2369e080329ac8e24d69513d0ccbb0807bd63f7594951fd367cf2cbb972069e394dcf4b0fb72564aceadf9291a |
memory/5228-501-0x000001F345DC0000-0x000001F345DC1000-memory.dmp
memory/5316-442-0x000001490D410000-0x000001490D411000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 507c3cfa0ce272a3ee00d2a54033f0a3 |
| SHA1 | c12d9ccf5813e34f47d09a9b03eec4f104b8ad33 |
| SHA256 | 8c4d8163929ddeb58c87a83f66c96eb9e33288dbc37c974d42575a4e27b138c0 |
| SHA512 | 13f4077df404b099dca4ce4d8ec74697c5bd71eff7d43d1d9d5206b4e6f43e9ae3158cf0ff005653cf77accc3b632ff41a378faeaff5c3bd808881721f2fbbe8 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | 83f2eee2d2d614810e1dee80a3243a86 |
| SHA1 | 96a0fb0e46d2f1f84b80ca2a47973b02b93d1d61 |
| SHA256 | c0785fe73b7b6b4f5ba5a92e1b52aea5dcd0fc2ab34b675cf3d301e447be6130 |
| SHA512 | 153a6f3f4836f43a8ab56caec700be8ddaba9a912d7611314d1a534667d1582988cd6fa1b9500291f912d358ccc985272a3e9dbbf7c593ca18f049bfb9ac15bc |
memory/5340-486-0x0000021588DA0000-0x0000021588DA1000-memory.dmp
memory/5300-436-0x000002A6AD3D0000-0x000002A6AD3D1000-memory.dmp
memory/5388-471-0x0000016CADE00000-0x0000016CADE01000-memory.dmp
memory/5276-406-0x0000016A75FB0000-0x0000016A75FB1000-memory.dmp
memory/2596-399-0x000001958BA70000-0x000001958BA71000-memory.dmp
memory/516-398-0x0000023BA8340000-0x0000023BA8341000-memory.dmp
memory/5684-652-0x0000023C292C0000-0x0000023C292C1000-memory.dmp
memory/6320-627-0x0000022EB5D90000-0x0000022EB5D91000-memory.dmp
memory/5876-586-0x00000116833B0000-0x00000116833B1000-memory.dmp
memory/5860-584-0x0000023D20A40000-0x0000023D20A41000-memory.dmp
memory/5592-583-0x000002BAC43F0000-0x000002BAC43F1000-memory.dmp
memory/4588-608-0x00000232F42B0000-0x00000232F42B1000-memory.dmp
memory/5592-657-0x000002BAC43F0000-0x000002BAC43F1000-memory.dmp
memory/5860-626-0x0000023D20A40000-0x0000023D20A41000-memory.dmp
memory/5412-611-0x0000021FFA870000-0x0000021FFA871000-memory.dmp
memory/5684-607-0x0000023C292C0000-0x0000023C292C1000-memory.dmp
memory/5748-606-0x000001DA24340000-0x000001DA24341000-memory.dmp
memory/6320-605-0x0000022EB5D90000-0x0000022EB5D91000-memory.dmp
memory/5748-718-0x000001DA24340000-0x000001DA24341000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 94125a10e46d062a394b4343ee3ee90a |
| SHA1 | 4398221fdeba9f34b8d4721b538bc4e1deffb466 |
| SHA256 | 0fd70ad3499a3fafeafcb0a81ce6b944604f24eb9880ecdd59afabffd286de89 |
| SHA512 | d74e069aafbedcefe75e1cb2ef13538e32dab91f27c9594274498d1d75eb356bdc34622e36d1a6375afc3694822c3c8d88df05be044c95b7b448673f21dd1306 |
memory/5448-680-0x000001D911460000-0x000001D911461000-memory.dmp
memory/5228-658-0x000001F345DC0000-0x000001F345DC1000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 586696a99c15947b828a9a93f6383c33 |
| SHA1 | d342ab5bd47e43777c4752aa2108cb7819ccd1a6 |
| SHA256 | fc37599cbe5f2ffd6d8f01049d5860ad35e03ce8b315ff2fc19efc7f228cc368 |
| SHA512 | 421ae8423711e2f350edca912b1571394f2087338428085aaadae125631239f7e207298b774f7d9518c1f0fbb7c9515e15925c74d083ab91524acf2bc26b66f1 |
memory/9128-729-0x000002362AF20000-0x000002362AF21000-memory.dmp
memory/5592-759-0x000002BAC43F0000-0x000002BAC43F1000-memory.dmp
memory/5500-758-0x000001D5B5720000-0x000001D5B5721000-memory.dmp
memory/5684-741-0x0000023C292C0000-0x0000023C292C1000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 88ad90b2a5e00580c525cb55a3fde256 |
| SHA1 | c2857384a48f8d44c02987d961b482c97eb3a8b0 |
| SHA256 | c848b2d98b055c8f9f882cb7a788003494186ad8927018ab6843637ca9b2c98d |
| SHA512 | 08376c9ce4f8d1af3d8ccbb78131be083789c7f7da45c5cc74fdab46bf1ffeba0447ef798551cbc9bb2f8bf5614f1470c535954fb8f5413bb9b8c2f5e26296af |
memory/6936-793-0x000001E3B1E50000-0x000001E3B1E51000-memory.dmp
memory/5228-728-0x000001F345DC0000-0x000001F345DC1000-memory.dmp
memory/5876-757-0x00000116833B0000-0x00000116833B1000-memory.dmp
memory/5412-756-0x0000021FFA870000-0x0000021FFA871000-memory.dmp
memory/2604-695-0x0000029E58580000-0x0000029E58581000-memory.dmp
memory/5268-721-0x000001BFBA810000-0x000001BFBA811000-memory.dmp
memory/5540-988-0x0000012A75670000-0x0000012A75832000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 118d3f1088557e592533a1d42f420e8c |
| SHA1 | a536b2a1dd23a0fce637b532418947e61d55b37a |
| SHA256 | c58f4caee1ea936e78bf7d6996efd7c9dd8d4e632266659cdc711b216c1b179d |
| SHA512 | 1bef35a4a0b8af834a0f7c4c11ffd00449b9d24d3628bfb6b1bd098e7c53f5a140e2628d97c657831030937319122bebdd119186caaa69ed3082813914c9e05b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 984ad336917104c375e9eabccdfd3d54 |
| SHA1 | 653efd5e0f7bc64063c900e32c8247d9c76ab7f9 |
| SHA256 | d3628245efa215d188f2aa49b8cd5dc5aff77f082214a49c3fd85aa7be582c5d |
| SHA512 | 9741108c5ce59180a16b7f5180e4282b83b942c14e177f1ffa1d6e0805ef0f054efb5fbbb5f0af01f62f877ab0cebca512760eb4e44fb3b7d1a7b507e9dd37b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 09f87c1af9fe6ae86427d0369072d21e |
| SHA1 | e85ed637301826be7216a56aeaebf578220871af |
| SHA256 | 6a725b91dac7661cfb8002051ef1de2bb6a536e2adb12a3b5719b7bec6fa3d0c |
| SHA512 | 5f382fe38ac2362a0a52ecb02f8e75755c96f5c59ad90d01c465da14261d5d55241b7bf2c3790150006bcb15453cb4fcb0cd45360f2aa43e8eae0413d6ec9b42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
| MD5 | ef36a84ad2bc23f79d171c604b56de29 |
| SHA1 | 38d6569cd30d096140e752db5d98d53cf304a8fc |
| SHA256 | e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831 |
| SHA512 | dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\da3182eb-67ee-404b-8d55-2287c12696ce.tmp
| MD5 | 799117f2b916ed3f7df064f35a1917e7 |
| SHA1 | f318757386dfe637b2314e72467c00cb54f172eb |
| SHA256 | a02e640b172ce4871d647bff80898dd691938931cb98f5117e9e2f43bc25c9d5 |
| SHA512 | 788e7426585715818034f6fda36f67535b1eeee152b686e21a6c64b66185c413bc792475ce154631c787a12e97d4d9308779134c4e03b4eaba033b0839c2ec5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5e4d79b6a736ee9c12e72f26169a959c |
| SHA1 | 759d454d9a28879b78c3dbe258bcabe9103ed43f |
| SHA256 | 6a52c5c7a175386ffc340f50f18ae42c2b12468edb0f24b224d6d2a7ba5cb836 |
| SHA512 | 1bf8fc85b8c54e12824c4588412ceca66014682d12c1ff3327d9eb03dd3e94db8bf5d05d23680d7ba04c62da1a98d95f8315ba0facaa62959d58bf2ad17600d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dacf7c9a7530cc65102dbdf3ec61e63d |
| SHA1 | a379e5dfcff584731b4290120e0743f0f6e607e7 |
| SHA256 | b8d79bd3cb82225e579929a43c1309609283f8d4261688f9fc8df522a2761b16 |
| SHA512 | 716ab208c6b72350fd9fe94c89e3b7d5fc73c27964ce1ee290e58fe947d356b7f3322cf00901b5b344f8d110908e6040af810664438abec94a78241793860fc7 |
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 8a524dc0d66b57c2268c38679815253c |
| SHA1 | 19be5368f4571ddfb3ac9a5a3bccf2bd75427c24 |
| SHA256 | a3dee7805c7575c804b5b793ef70fdb6cb91e27ae1a6578662cc4437a627df0f |
| SHA512 | b3ded4cd10fc41c798de172e4d1c66cdcd93629f01b72a2eb97f730b9f0d5eb3932562483c672735c8f3353126fafbe5221ce9269b542110455ae16a2db7bad0 |
memory/7772-1651-0x000001B854880000-0x000001B854888000-memory.dmp
memory/7772-1659-0x000001B86F910000-0x000001B8706A0000-memory.dmp
memory/7772-1661-0x000001B8548B0000-0x000001B8548BA000-memory.dmp
memory/7772-1664-0x000001B8548F0000-0x000001B854918000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties
| MD5 | 2aaedd025db8339c1acc6c228e3041fb |
| SHA1 | aadd66dd68fa3bdcfa5dbd6c5325d790f4654140 |
| SHA256 | 03474988d3cec89fb76d889a0afa872553b69c7ce6c5a943f12f52a7b2f5fed6 |
| SHA512 | b7532c5f6057c4e7bb1b93695ed6b382aa72c96277dc1661ac99966f856c4a5042d2a92bec1abdf6e249fd11d265d7b9cdffe1351cd50e49ed328a280f276a07 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 2ae0b90daa9de899f2de5af075f0e371 |
| SHA1 | 3d2ed6a7de1815377e52aa4d08009dc227f9c373 |
| SHA256 | a677de8b704bd3a388c57754416b86438cee2ac3b4e1431001338ff492f8714f |
| SHA512 | a67535f0421fc6d1d2d7c2b0859ac4eec4154cf30c1d6ddf7132164f36b8fd9d349361ade7330e6bf269a393c64ab2ac778e0088c6777940dfe91033a6e6a002 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 725d4b588234ac2148f1c1ddfee549a9 |
| SHA1 | 4a62a12d2b47ebbfc7ca10262a20a8695c7366b8 |
| SHA256 | c579598a93b031f5687d623ef82877e79c08fb11ea5aa73d62cc90f97fb0cbbb |
| SHA512 | a8473b4666bcc7cfd75e0d6e1464b537db1fa5215230a1bd9077e2ec5016e33e71383e3daff5da57107dfdfe7ea8b209394ed66dcfb3fbbc948727fa097a611a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c74541505fa89fd852c366db2c4c950b |
| SHA1 | b1744f1610745d878d7665975bc6527cf43f7711 |
| SHA256 | 6ffa30b03e090d2317526cc153b838721968c9d80ac9b1a8d45f6e54d1797e75 |
| SHA512 | 8109ced2ab28d83f3bf10dbb8953ed15b01dc1b8c7893c2673d1aa4c8248fc8c195b228663b08bfc368de8568f864c02789581a055655b0be0caa7e615755fb6 |
memory/14564-1922-0x00007FF6A1E50000-0x00007FF6A1ED3000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_B40B160CC7E84BD796AA8C66D54A429B.dat
| MD5 | 5b704e9f3713f8168f6d07fc3a49152a |
| SHA1 | ef1a783dfc38b7f931ca1fc0d410c5c0bcdfdce2 |
| SHA256 | 97f532c041c7c096635414984e71ef43decec63c66d0efdf959216e7b9ab9dda |
| SHA512 | 38a58175363adad4df3455f38b1ed60e8b7fb8b1e248efe99aeb3bc51632fc5ba2290ee539b8285512d59978e29b90986dbee7f0cb3f91a53f3747d62fd9b0cc |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 5a94549b874cf1c1af374f016a7a9c8c |
| SHA1 | e3321bb884b36ba58eaef4a08c2efde3f1214cd6 |
| SHA256 | 08f0578770229cb869d510be98dd24e93d332418c0a0f5fd43fa3a4cfec5e9ad |
| SHA512 | 111251b36d9563705a84e86f2a8865f0def0939aa9c66edabf1aa574873bca778cd8541c62d18a49a4e568fddb00b59148f11816b1323cd8910edf0a44bbc143 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 00cc09c9b847864e82259ec81698f37a |
| SHA1 | 1febe7696160b33e66295c7a0031046eb32582c2 |
| SHA256 | 635a66c19cd5abdc890c20beee702c3641bab20ffc248705f90001819f97134f |
| SHA512 | a3e3e785b0f580bb71375b18667b21ad9cde35ff3736233620bd36e017cf6a845744cfecf03da80d23c6b591d701dfb63ebeb2f2e971792fc4187ae80fe09731 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 716575e6bfdc9882b86878042fd9bd29 |
| SHA1 | ca557782764c525506cdf265521fd919f82a2bb9 |
| SHA256 | 807152c0fde4a3d1945443618dc0eda0addec80adf3cb78cb86616598434f0ee |
| SHA512 | 5e8223d9a0b42da6d605a13c2554fe26e1631688204035a6e202bb002b687641d6e3fe71cc9176f6101fcc414675061c85fcc010a9c3aea3d2278f999bf350b9 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 231ab8306e5800b6cbc59ce55399ae1d |
| SHA1 | ca112ebc80f13e85d7eba1977891ca25f1bb2342 |
| SHA256 | f3fb7ee6b2a2d6bd25be60f249629c7a877343681752c6190d5140af324de064 |
| SHA512 | 2c1184f6417f199fe9d6aedb0b0fc86696320fdf9680cf67123b3c8eecf6de62f5284056c4c9373d023f5ac6bbbf19e7f8183b29e5a5091c8b5a90b8cd8b8f7b |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
| MD5 | e997d7d4fae2b424fb551b171ef4a535 |
| SHA1 | f9aba0d006ba9aaf7d33e7c50a044967e59e484c |
| SHA256 | 8a7ceea0885ebb23845c6e647d121c6d2ee0de117bbc18a3fd1e3a84c06e8594 |
| SHA512 | 3825e69020c1941e1a60b0f6e0e46dc33819a304c61154c320808494305e9f4e5e8a2b1a8e0318a72b004364c95e43e744904f55aba7b1fe096169eef970e9b0 |
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 2fa2fe29d5df03c7d9eb4febd3377e0d |
| SHA1 | 0c2b77fefa70c3d213be4b9fe3930e1b4f874d52 |
| SHA256 | ab0bdd73dda689c9f18b9ea25de2a5687f4801e9499bacb7b9ff4be77c1f622c |
| SHA512 | 0dc4a5ac182634febe947abcc544721b887fe994a3585b90d0e9def0c62929a5a3cdab3d0ff59d7cb8fb91cd76a0f9ad5f6c0525b4ffe75f6a4185889fffaa2c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\Telemetry.FailedProfileLocks.txt
| MD5 | a5771bce93e200c36f7cd9dfd0e5deaa |
| SHA1 | 5b384ce32d8cdef02bc3a139d4cac0a22bb029e8 |
| SHA256 | aea92132c4cbeb263e6ac2bf6c183b5d81737f179f21efdc5863739672f0f470 |
| SHA512 | caae34a5e81031268bcdaf6f1d8c04d37b7f2c349afb705b575966f63e2ebf0fd910c3b05160ba087ab7af35d40b7c719c53cd8b947c96111f64105fd45cc1b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\Telemetry.FailedProfileLocks.txt
| MD5 | d9d4f495e875a2e075a1a4a6e1b9770f |
| SHA1 | fe2ef495a1152561572949784c16bf23abb28057 |
| SHA256 | 25fc0e7096fc653718202dc30b0c580b8ab87eac11a700cba03a7c021bc35b0c |
| SHA512 | 9c3211509a9eee80f881f6b6666ab82df6bec222c84ba583c5bb636a0a0d811d850524e9adba61950e09fcd06ffacdd0ee164220ac09a2319b2f35db219fc8c9 |
C:\Users\Admin\Documents\Scanned Documents\Welcome Scan.jpg
| MD5 | 73d4281e46a68222934403627e5b4e19 |
| SHA1 | 0f1c29cea7ea24ebb75c95114e0b0d26438e1d39 |
| SHA256 | aac4ac970ec47cd95dc7c65d7d38d29c1f948be24d5dad1d5aa21053125367c7 |
| SHA512 | bb7aad10e5accd3f5c0f6b2968973034a2f7c2523401eb234b2de0cdad2dc13f4fd58d08ece94ec06420a52b3d371ba832f8fb4741f48799703bdf32a4daf555 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3e39804b1f60013dfc12594323a11962 |
| SHA1 | d67dab2626075babb8ab963aff00f761fb01baab |
| SHA256 | e3408cd57d587d3670250915baf2c90326a34d62d06d836f5c42f795e50b1048 |
| SHA512 | aaf41bea8ba8a75f90c56f70fcef08df273a34303225eb69deb72f49b686e76adbbf6cb6d8909c3a096f077b89682966fd7f283e1031a58de3b836cbd1caf2b5 |
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar
| MD5 | 4f9f42a2c5524bf0ce187c5dcb517b89 |
| SHA1 | b54ff1e485ee0605753e23f254e288f9a79cc59d |
| SHA256 | e271e41f800f3f25e0f9fe212f2e31e6a57b74d28b89fd3425deb42a6a1b411a |
| SHA512 | 45eb73dae61b6cb855a33966b6c3f1f064a15714761e3075eda105f72adf3780b05dbfbcca75fb47734ca47bb6abe4a1db075d30b1db748ffca11d9928d6cdbc |
memory/32264-3508-0x0000000000AB0000-0x0000000000B24000-memory.dmp
memory/32280-3509-0x00000000002E0000-0x0000000000310000-memory.dmp
memory/32264-3510-0x0000000005750000-0x0000000005C4E000-memory.dmp
memory/32264-3511-0x0000000005140000-0x00000000051D2000-memory.dmp
memory/32264-3512-0x00000000050E0000-0x00000000050EA000-memory.dmp
memory/32280-3518-0x0000000002910000-0x000000000291A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a94a6cdb93fdba0e8394b1f6507457d7 |
| SHA1 | ea50fd15a642ce8b81c738e0b76fa52b80e8c643 |
| SHA256 | 9119d69621527843343ed881e5c40573b1271ce2abf6d2eb8bc80340d0ce4d53 |
| SHA512 | 82a5cb03514b521ec2530c2d98613263ebb537b3504b717c0b14a251f009f285ed1b677eab7c54d2d7545670dbc4870734d73acf34f5f79763e60ceee438545a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js
| MD5 | 23d0b4f907ccad0972b69181a04db56a |
| SHA1 | f54b23779ebe95af3998273b3c8652339ddfc61e |
| SHA256 | 894e96f539866e3775034995e2209402f803fb4f8e308a3be727ae5219bbe7e2 |
| SHA512 | 4b4da971b024208df2352d2968a944cf61278b917b994a961dfd351f53dfd753d9f5ac1638c8dd90a6c584187b2951c2733b67b31ca615f8971cf36e85027180 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 9de7a4addef25cfe78c3772e3d10715b |
| SHA1 | 9184de92b5c547eb087d46b80134428be69fed69 |
| SHA256 | 1fa16e67841270dbfe61ea4f2eb1cf4ecd18f1edb99d0cb267ff47d53f0d62ac |
| SHA512 | b6b412c35c42d61e96564f9011401e5117a97e6cece682ac452ac0e7371a90e2982a3ea9d8806923bb9d6276e82ddea1041f4c0e349a2b876d6ae721c3679143 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\c28ee0ef-84b5-4a2f-a398-9210e6e0ae5a
| MD5 | 60bb23342f0345a7b56c321a2d182ee5 |
| SHA1 | 5f144b2a5482f085f08d7cf51e9d42a51f402af6 |
| SHA256 | 8ece3a48b8b5d9f7b096092b3a0351b99d98b8386f9fce3055b16804f9982deb |
| SHA512 | 96c87003ef20217a4d99c81d25c50fe39cc2e749b37111f0d18fef4a18ed79c3db3d9498da20c9a33e5a3c20f0aac79897bd5890896c61e15505f74931ea9ff3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\609721c8-99ac-4537-8d8f-75b18de7b40b
| MD5 | d00658cb122b89179b63452dfab0ae02 |
| SHA1 | afcc34ffded7d1dcb76d6cdeb89c17d1098cd18c |
| SHA256 | 5ac07059fef708c02aec0ba4049c9fa272582b105a72a64a05a5c6731e7d0197 |
| SHA512 | 0d0f3a4d1d06b187fecf90862e7e1f904dd20424948387a44dde5383bde62ecee7d3141cade47e39495c059398641b6001344c660ca31988fe62f9cf65a7a69f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js
| MD5 | 2292aecc05723d8e1449cc03217bb4b0 |
| SHA1 | 58d4bfe2afdfbe1217396fa0ae5187dc252e04a9 |
| SHA256 | 52d49c3a2a32d84835e4c41c93135be233347b7b7471665fe94d0bbedb284810 |
| SHA512 | 0f704ccc4cd83e596d8a3f5e641104b177c461ae7b9fadb19e0977d3eaec3373642508246c364bd71e7ee0393b15307c2cd87737cd3be8b07b8b303e51e5401c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4b755edb430d3d1c6a4c2b3a8f7afe8b |
| SHA1 | 730d5c793d9465a08f3e1223e871ecdefe086923 |
| SHA256 | d26390dc7392713d13d59ae70f1b2f3ba1513c468092748973c216f5dbdb8f95 |
| SHA512 | dc7260b4c4abb52382cdd45c1efaf13f6df5f56c2b9cf08a5f5990f14e57038c7333ac96634579f9cf18306a2067bf48b1e7355e95dc6df4754858008db2d176 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9d06586f2c194a505b40c9e56fcd957e |
| SHA1 | 3f735efdc9db36157704e5fccf900a7d171982d0 |
| SHA256 | edcff410f38b9fcaab0bd104524d82b915f49ade93149ec36da2be12a8444946 |
| SHA512 | 4f96f6d7cb4378c2ea178503fc6a6e3fe0d40b6fa4aab4b246d9e08f63ff8eecc9e9d69f802cc6599389b494507ce17bea2d953cb1f1a8402a5aeb4df8686b15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1ef2ac112fa1899a91a565994ae9a3cd |
| SHA1 | 13f39e99528c6c8ff50b9755565e5aa7e63fc4b9 |
| SHA256 | a4854777451a250014197a8c0757b7e9034f4901ab115ae204ef672c6ee9ed78 |
| SHA512 | 04d75aae1f7fea4a8ba99536b508dcf8cad86d59b602c0909f40b279e71dfc150f3a37fa03d95ce904e0b0f578daf64b5ea15c8e5d6783e85f43f56d0b3f49fc |
memory/32264-4146-0x0000000005C50000-0x0000000005E08000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/32264-4147-0x0000000005E10000-0x0000000006160000-memory.dmp
memory/32264-4148-0x00000000056F0000-0x0000000005702000-memory.dmp
memory/32264-4155-0x00000000066A0000-0x0000000006A5A000-memory.dmp
memory/25136-4153-0x00007FF97D700000-0x00007FF97D731000-memory.dmp
memory/32264-4157-0x0000000006A60000-0x0000000006D02000-memory.dmp
memory/32264-4158-0x0000000007090000-0x0000000007406000-memory.dmp
memory/32264-4156-0x0000000006330000-0x000000000637E000-memory.dmp
memory/25136-4151-0x000000001CF60000-0x000000001CF91000-memory.dmp
memory/32264-4195-0x0000000008110000-0x0000000008132000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8150efd902885364c997f75ebc40aae1 |
| SHA1 | d7ef54c8df4bbf79692198318a229f9e07580eb2 |
| SHA256 | 278e5a0bcdc38c341a19d0940bb13d24bcca167c130c8821dd8cc9ecd10fbf23 |
| SHA512 | 2d5da1fa8eb070450a876a29b56e13e62ea7c1ac98a2856eb9d2b877d209615b7b2b3c1fde145fae04c70ec179d2fd96e0fbbc49bf73196a867c1c7c410ec60e |
C:\Windows\Installer\MSIC63D.tmp
| MD5 | 67f23a38c85856e8a20e815c548cd424 |
| SHA1 | 16e8959c52f983e83f688f4cce3487364b1ffd10 |
| SHA256 | f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40 |
| SHA512 | 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d |
memory/32264-4334-0x0000000008060000-0x000000000806A000-memory.dmp
memory/32264-4336-0x000000000A220000-0x000000000A22E000-memory.dmp
memory/32264-4335-0x000000000AAD0000-0x000000000AB3C000-memory.dmp
memory/26968-4490-0x000000001C860000-0x000000001CD44000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | ad4e69b51d4be80ee07953e6e7fa8d60 |
| SHA1 | 518c9c370fb40c0effb17247ef2b8cdc270e2933 |
| SHA256 | 7d07fb8323246b9bebbb4e34a8c8509b77918a227df8dd30db06eed4f325c219 |
| SHA512 | 790fb675d9a0d0cbe58918d0e94633ea1c0e8fde5c3393154c0387cc1a547797ca03088f52e15efaa4f7fce29e7ec66b1c72dcd758d3b1e0e258b31bca8e6f6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | adc432340f128b91f4e453ad57fda02b |
| SHA1 | d9f07d0800e97eccb27d7f09f6947692a68b44dc |
| SHA256 | 6c1b44bc7bd328b42d69fc372ef029500da16a336d75446eead8a7584a1cca1a |
| SHA512 | 3a771dc47000c1e5210e8b811d2741cd9cc1aeca871db75f211f6d2b45c4057222d03a98f5fa030315a5eecd0951411d1bb104062708558ea4411ce55acb3a2f |
C:\Windows\Installer\MSIFFE0.tmp
| MD5 | be0b6bea2e4e12bf5d966c6f74fa79b5 |
| SHA1 | 8468ec23f0a30065eee6913bf8eba62dd79651ec |
| SHA256 | 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164 |
| SHA512 | dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b8313266f6aa131a256568f5a6f02ab5 |
| SHA1 | 4f4ff0a8ff09af6a0b8c92ee554a85b13897a439 |
| SHA256 | b0e27aa6ce95d77fa48369d735d5f35f4b51ea3296fe3861f8e05e17b9d5a2fa |
| SHA512 | 59ce23333876140085704841401c21c1bfd14da1c27b0555eba87d3a85e65bef6d0ef77d19de9a9226c3f77bd3dd6be9ef78f55dbef2340135c013be54242ce5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8a962076e8c732448eb69290f7232faa |
| SHA1 | 38c98f5765737de8cc1581ce18c1c75154534c53 |
| SHA256 | d690d5bab612496005da1709885f9bd62515d6112775bdca235c509302768172 |
| SHA512 | 4b1d5c4eb4b1441cd3638eb91696ac5f86589a980db9b49062afd2bee39c346e2059b725c6b0a90253dbcfb170668a2f402bc9f15178cce81e42d67c77f91d2d |
C:\Program Files\Google\Chrome\Application\SetupMetrics\5bb13ba3-a633-4456-8c59-84a3cf1f1fed.tmp
| MD5 | 6d971ce11af4a6a93a4311841da1a178 |
| SHA1 | cbfdbc9b184f340cbad764abc4d8a31b9c250176 |
| SHA256 | 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783 |
| SHA512 | c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f |
memory/376-6656-0x00007FF6A1E50000-0x00007FF6A1ED3000-memory.dmp
C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp
| MD5 | 9a5bd17c9dfb7665edde0c3ac21dfcd8 |
| SHA1 | d362c18e037e0c8e2d8e21c9c13f5c9f0f7fd42b |
| SHA256 | 95f976ab855908c02330bcbae50fcc69dc6d803c29a9331b140d9be0c015ba0c |
| SHA512 | e21d18d24228eec976247d513bb0f143a7b118d788140ddef6d0c85b3ffd492381976a35b65e95a2c50d9cbdf97431427f433c762870128dfa543e52a8f86ad2 |
C:\Users\Admin\AppData\Local\Temp\TCD8FE1.tmp\gb.xsl
| MD5 | 51d32ee5bc7ab811041f799652d26e04 |
| SHA1 | 412193006aa3ef19e0a57e16acf86b830993024a |
| SHA256 | 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97 |
| SHA512 | 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810 |
C:\Users\Admin\AppData\Local\Temp\cab9283.tmp
| MD5 | 89a9818e6658d73a73b642522ff8701f |
| SHA1 | e66c95e957b74e90b444ff16d9b270adab12e0f4 |
| SHA256 | f747dd8b79fc69217fa3e36fae0ab417c1a0759c28c2c4f8b7450c70171228e6 |
| SHA512 | 321782b0b633380da69bd7e98aa05be7fa5d19a131294cc7c0a598a6a1a1aef97ab1068427e4223aa30976e3c8246ff5c3c1265d4768fe9909b37f38cbc9e60d |
C:\Users\Admin\AppData\Local\Temp\cab9296.tmp
| MD5 | e3c64173b2f4aa7ab72e1396a9514bd8 |
| SHA1 | 774e52f7e74b90e6a520359840b0ca54b3085d88 |
| SHA256 | 16c08547239e5b969041ab201eb55a3e30ead400433e926257331cb945dff094 |
| SHA512 | 7ed618578c6517ed967fb3521fd4dbed9cdfb7f7982b2b8437804786833207d246e4fcd7b85a669c305be3b823832d2628105f01e2cf30b494172a17fc48576d |
C:\Users\Admin\AppData\Local\Temp\cab9294.tmp
| MD5 | 0ebc45aa0e67cc435d0745438371f948 |
| SHA1 | 5584210c4a8b04f9c78f703734387391d6b5b347 |
| SHA256 | 3744bfa286cfcff46e51e6a68823a23f55416cd6619156b5929fed1f7778f1c7 |
| SHA512 | 31761037c723c515c1a9a404e235fe0b412222cb239b86162d17763565d0ccb010397376fb9b61b38a6aebdd5e6857fd8383045f924af8a83f2c9b9af6b81407 |
C:\Users\Admin\AppData\Local\Temp\cab8E5B.tmp
| MD5 | 4efa48ec307eaf2f9b346a073c67fcfb |
| SHA1 | 76a7e1234ff29a2b18c968f89082a14c9c851a43 |
| SHA256 | 3ee9ae1f8dab4c498bd561d8fcc66d83e58f11b7bb4b2776df99f4cda4b850c2 |
| SHA512 | 2705644d501d85a821e96732776f61641fe82820fd6a39ffaf54a45ad126c886dc36c1398cdbdbb5fe282d9b09d27f9bfe7f26a646f926da55dff28e61fbd696 |
C:\Users\Admin\AppData\Local\Temp\cab8E3A.tmp
| MD5 | abbf10cee9480e41d81277e9538f98cb |
| SHA1 | f4ea53d180c95e78cc1da88cd63f4c099bf0512c |
| SHA256 | 557e0714d5536070131e7e7cdd18f0ef23fe6fb12381040812d022ec0fee7957 |
| SHA512 | 9430daacf3ca67a18813ecd842be80155fd2de0d55b7cd16560f4aaefda781c3e4b714d850d367259caab28a3bf841a5cb42140b19cfe04ac3c23c358ca87ffb |
C:\Users\Admin\AppData\Local\Temp\cab93F0.tmp
| MD5 | ef9cb8bdfbc08f03bef519ad66ba642f |
| SHA1 | d98c275e9402462bf52a4d28faf57df0d232af6b |
| SHA256 | 93a2f873acf5bead4bc0d1cc17b5e89a928d63619f70a1918b29e5230abead8e |
| SHA512 | 4dfbdf389730370fa142dcfb6f7e1ac1c0540b5320fa55f94164c0693db06c21e6d4a1316f0abe51e51bcbdab3fd33ae882d9e3cfdb4385ab4c3af4c2536b0b3 |
C:\Users\Admin\AppData\Local\Temp\cab9455.tmp
| MD5 | b9a6ff715719ee9de16421ab983ca745 |
| SHA1 | 6b3f68b224020cd4bf142d7edaaec6b471870358 |
| SHA256 | e3be3f1e341c0fa5e9cb79e2739cf0565c6ea6c189ea3e53acf04320459a7070 |
| SHA512 | 062a765ac4602db64d0504b79be7380c14c143091a09f98a5e03e18747b2166bd862ce7ef55403d27b54ceb397d95bfae3195c15d5516786febdac6cd5fbf9cd |
C:\Users\Admin\AppData\Local\Temp\cab94B6.tmp
| MD5 | 8b29fab506fd65c21c9cd6fe6bbbc146 |
| SHA1 | ce1b8a57bb3c682f6a0afc32955dafd360720fdf |
| SHA256 | 773ac516c9b9b28058128ec9be099f817f3f90211ac70dc68077599929683d6f |
| SHA512 | afa82ccbc0aef9fae4e728e4212e9c6eb2396d7330ccbe57f8979377d336b4dacf4f3bf835d04abcebcdb824b9a9147b4a7b5f12b8addadf42ab2c34a7450ade |
C:\Users\Admin\AppData\Local\Temp\cab967F.tmp
| MD5 | 748a53c6bdd5ce97bd54a76c7a334286 |
| SHA1 | 7dd9eedb13ac187e375ad70f0622518662c61d9f |
| SHA256 | 9af92b1671772e8e781b58217dab481f0afbcf646de36bc1bffc7d411d14e351 |
| SHA512 | ec8601d1a0dbd5d79c67af2e90fad44bbc0b890412842bf69065a2c7cb16c12b1c5ff594135c7b67b830779645801da20c9be8d629b6ad8a3ba656e0598f0540 |
C:\Users\Admin\AppData\Local\Temp\cab967D.tmp
| MD5 | 97f5b7b7e9e1281999468a5c42cb12e7 |
| SHA1 | 99481b2fa609d1d80a9016adaa3d37e7707a2ed1 |
| SHA256 | 1cf5c2d0f6188ffff117932c424cc55d1459e0852564c09d7779263abd116118 |
| SHA512 | ace9718d724b51fe04b900ce1d2075c0c05c80243ea68d4731a63138f3a1287776e80bd67ecb14c323c69aa1796e9d8774a3611fe835ba3ca891270de1e7fd1f |
C:\Users\Admin\AppData\Local\Temp\cab9452.tmp
| MD5 | 7c645ec505982fe529d0e5035b378ffc |
| SHA1 | 1488ed81b350938d68a47c7f0bce8d91fb1673e2 |
| SHA256 | 298fd9dadf0acebb2aa058a09eebfae15e5d1c5a8982dee6669c63fb6119a13d |
| SHA512 | 9f410da5db24b0b72e7774b4cf4398edf0d361b9a79fbe2736a1ddd770afe280877f5b430e0d26147cca0524a54ea8b41f88b771f3598c2744a7803237b314b2 |
C:\Users\Admin\AppData\Local\Temp\cab9451.tmp
| MD5 | 7bf88b3ca20eb71ed453a3361908e010 |
| SHA1 | f75f86557051160507397f653d7768836e3b5655 |
| SHA256 | e555a610a61db4f45a29a7fb196a9726c25772594252ad534453e69f05345283 |
| SHA512 | 2c3dfb0f8913d1d8ff95a55e1a1fd58ce1f9d034268cd7bc0d2bf2dcefea8ef05dd62b9afde1f983cacadd0529538381632adfe7195eac19ce4143414c44dbe3 |
C:\Users\Admin\AppData\Local\Temp\cab971D.tmp
| MD5 | f913dd84915753042d856cec4e5daba5 |
| SHA1 | fb1e423c8d09388c3f0b6d44364d94d786e8cf53 |
| SHA256 | aa03afb681a76c86c1bd8902ee2bba31a644841ce6bcb913c8b5032713265578 |
| SHA512 | c48850522c809b18208403b3e721abeb1187f954045ce2f8c48522368171cc8faf5f30fa44f6762afde130ec72284bb2e74097a35fe61f056656a27f9413c6b6 |
C:\Users\Admin\AppData\Local\Temp\cab9450.tmp
| MD5 | d30ad26dbb6deca4fdd294f48edad55d |
| SHA1 | ca767a1b6af72cf170c9e10438f61797e0f2e8ce |
| SHA256 | 6b1633dd765a11e7ed26f8f9a4dd45023b3e4adb903c934df3917d07a3856bff |
| SHA512 | 7b519f5d82ba0da3b2effad3029c7cab63905d534f3cf1f7ea3446c42fa2130665ca7569a105c18289d65fa955c5624009c1d571e8960d2b7c52e0d8b42be457 |
C:\Users\Admin\AppData\Local\Temp\cab978C.tmp
| MD5 | c47e3430af813df8b02e1cb4829dd94b |
| SHA1 | 35f1f1a18aa4fd2336a4ea9c6005dbe70013c7fc |
| SHA256 | f2db1e60533f0d108d5fb1004904c1f2e8557d4493f3b251a1b3055f8f1507a3 |
| SHA512 | 6f8904e658eb7d04c6880f7cc3ec63fcfe31ef2c3a768f4ecf40b115314f23774daee66dce9c55faf0ad31075a3ac27c8967fd341c23c953ca28bdc120997287 |
C:\Users\Admin\AppData\Local\Temp\cab9BDC.tmp
| MD5 | 1c12315c862a745a647dad546eb4267e |
| SHA1 | b3fa11a511a634eec92b051d04f8c1f0e84b3fd6 |
| SHA256 | 4e2e93ebac4ad3f8690b020040d1ae3f8e7905ab7286fc25671e07aa0282cac0 |
| SHA512 | ca8916694d42bac0ad38b453849958e524e9eed2343ebaa10df7a8acd13df5977f91a4f2773f1e57900ef044cfa7af8a94b3e2dce734d7a467dbb192408bc240 |
C:\Users\Admin\AppData\Local\Temp\cab9BCA.tmp
| MD5 | 486cbcb223b873132ffaf4b8ad0ad044 |
| SHA1 | b0ec82cd986c2ab5a51c577644de32cfe9b12f92 |
| SHA256 | b217393fd2f95a11e2c594e736067870212e3c5242a212d6f9539450e8684616 |
| SHA512 | 69a48bf2b1db64348c63fc0a50b4807fb9f0175215e306e60252fffd792b1300128e8e847a81a0e24757b5f999875da9e662c0f0d178071db4f9e78239109060 |
C:\Users\Admin\AppData\Local\Temp\cab9BB9.tmp
| MD5 | 9a07035ef802bf89f6ed254d0db02ab0 |
| SHA1 | 9a48c1962b5cf1ee37feec861a5b51ce11091e78 |
| SHA256 | 6cb03cebab2c28bf5318b13eeee49fbed8dcedaf771de78126d1bfe9bd81c674 |
| SHA512 | be13d6d88c68fa16390b04130838d69cdb6169dc16af0e198c905b22c25b345c541f8fccd4690d88be89383c19943b34edc67793f5eb90a97cd6f6eccb757f87 |
C:\Users\Admin\AppData\Local\Temp\cab9BB7.tmp
| MD5 | 66c5199cf4fb18bd4f9f3f2ccb074007 |
| SHA1 | ba9d8765ffc938549cc19b69b3bf5e6522fb062e |
| SHA256 | 4a7dc4ed098e580c8d623c51b57c0bc1d601c45f40b60f39bba5f063377c3c1f |
| SHA512 | 94c434a131cde47cb64bcd2fb8af442482f8ecfa63d958c832eca935deb10d360034ef497e2ebb720c72b4c1d7a1130a64811d362054e1d52a441b91c46034b0 |
C:\Users\Admin\AppData\Local\Temp\cab9BA5.tmp
| MD5 | e532038762503ffa1371df03fa2e222d |
| SHA1 | f343b559ae21daef06cbcd8b2b3695de1b1a46f0 |
| SHA256 | 5c70dd1551eb8b9b13efafeeaf70f08b307e110caee75ad9908a6a42bbccb07e |
| SHA512 | e0712b481f1991256a01c3d02ed56645f61aa46eb5de47e5d64d5ecd20052cda0ee7d38208b5ee982971cca59f2717b7cae4dfcf235b779215e7613aa5dcd976 |
C:\Users\Admin\AppData\Local\Temp\cabA3C5.tmp
| MD5 | e29ce2663a56a1444eaa3732ffb82940 |
| SHA1 | 767a14b51be74d443b5a3feff4d870c61cb76501 |
| SHA256 | 3732eb6166945db2bf792da04199b5c4a0fb3c96621ecbfdeaf2ea1699ba88ee |
| SHA512 | 6bc420f3a69e03d01a955570dc0656c83c9e842c99cf7b429122e612e1e54875c61063843d8a24db7ec2035626f02ddabf6d84fc3902184c1eff3583dbb4d3d8 |
C:\Users\Admin\AppData\Local\Temp\cabA3C4.tmp
| MD5 | 84d8f3848e7424cbe3801f9570e05018 |
| SHA1 | 71d7f2621da8b295ce6885f8c7c81016d583c6b1 |
| SHA256 | b4bc3cd34bd328aaf68289cc0ed4d5cf8167f1ee1d7be20232ed4747ff96a80a |
| SHA512 | e27873bfd95e464cb58b3855f2da404858b935530cf74c7f86ff8b3fc3086c2faea09fa479f0ca7b04d87595ed8c4d07d104426ff92dfb31bed405fa7a017da8 |
C:\Users\Admin\AppData\Local\Temp\cabA3B1.tmp
| MD5 | 21437897c9b88ac2cb2bb2fef922d191 |
| SHA1 | 0cad3d026af2270013f67e43cb44f0568013162d |
| SHA256 | 372572dcbad590f64f5d18727757cbdf9366dde90955c79a0fcc9f536dab0384 |
| SHA512 | a74da3775c19a7af4a689fa4d920e416ab9f40a8bda82ccf651ddb3eacbc5e932a120abf55f855474cebed0b0082f45d091e211aaea6460424bfd23c2a445cc7 |
C:\Users\Admin\AppData\Local\Temp\cabA501.tmp
| MD5 | f93364eec6c4ffa5768de545a2c34f07 |
| SHA1 | 166398552f6b7f4509732e148f93e207dd60420b |
| SHA256 | 296b915148b29751e68687ae37d3fafd9ffddf458c48eb059a964d8f2291e899 |
| SHA512 | 4f0965b4c5f543b857d9a44c7a125ddd3e8b74837a0fdd80c1fdc841bf22fc4ce4adb83aca8aa65a64f8ae6d764fa7b45b58556f44cfce92bfac43762a3bc5f4 |
C:\Users\Admin\AppData\Local\Temp\cabA3B0.tmp
| MD5 | 65828dc7be8ba1ce61ad7142252acc54 |
| SHA1 | 538b186eaf960a076474a64f508b6c47b7699dd3 |
| SHA256 | 849e2e915aa61e2f831e54f337a745a5946467d539ccbd0214b4742f4e7e94ff |
| SHA512 | 8c129f26f77b4e73bf02de8f9a9f432bb7e632ee4abad560a331c2a12da9ef5840d737bfc1ce24fdcbb7ef39f30f98a00dd17f42c51216f37d0d237145b8de15 |
C:\Users\Admin\AppData\Local\Temp\cabA3AE.tmp
| MD5 | ee0129c7cc1ac92bbc3d6cb0f653fcae |
| SHA1 | 4abaa858176b349bdab826a7c5f9f00ac5499580 |
| SHA256 | 345aa5ca2496f975b7e33c182d5e57377f8b740f23e9a55f4b2b446723947b72 |
| SHA512 | cddabe701c8cba5bd5d131abb85f9241212967ce6924e34b9d78d6f43d76a8de017e28302ff13ce800456ad6d1b5b8ffd8891a66e5be0c1e74cf19df9a7ad959 |
C:\Users\Admin\AppData\Local\Temp\cabA66A.tmp
| MD5 | d4eac009e9e7b64b8b001ae82b8102fa |
| SHA1 | d8d166494d5813db20ea1231da4b1f8a9b312119 |
| SHA256 | 8b0631da4dc79e036251379a0a68c3ba977f14bcc797ba0eb9692f8bb90ddb4d |
| SHA512 | 561653f9920661027d006e7def7fb27de23b934e4860e0df78c97d183b7cebd9dce0d395e2018eef1c02fc6818a179a661e18a2c26c4180afee5ef4f9c9c6035 |