Malware Analysis Report

2024-11-30 13:31

Sample ID 240604-q489gahe8t
Target q.exe
SHA256 f9e5e1df07eb55a62dbee2ac0188c4b0497f3878219059b2a65c13701529c744
Tags
pyinstaller discovery persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f9e5e1df07eb55a62dbee2ac0188c4b0497f3878219059b2a65c13701529c744

Threat Level: Shows suspicious behavior

The file q.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller discovery persistence

Registers COM server for autorun

Modifies file permissions

Executes dropped EXE

Loads dropped DLL

Detects Pyinstaller

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 13:50

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 13:50

Reported

2024-06-04 13:53

Platform

win10-20240404-en

Max time kernel

3s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\q.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\q.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\q.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_01" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_03" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_23" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.0_04" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_22" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.0_05" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_07" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_01" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_22" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\ = "Java Plug-in 1.3.0_02" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_06" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_CLASSES\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe N/A
N/A N/A C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4512 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Users\Admin\AppData\Local\Temp\q.exe
PID 4512 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Users\Admin\AppData\Local\Temp\q.exe
PID 1132 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 292 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 32 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4112 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4576 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1720 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2464 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 664 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3664 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1720 wrote to memory of 2396 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe
PID 1720 wrote to memory of 2396 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe
PID 1132 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2980 wrote to memory of 964 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
PID 2980 wrote to memory of 964 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
PID 220 wrote to memory of 4300 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
PID 220 wrote to memory of 4300 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
PID 220 wrote to memory of 4300 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
PID 4368 wrote to memory of 1628 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4368 wrote to memory of 1628 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1132 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1512 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 648 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 648 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1132 wrote to memory of 3500 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\q.exe

"C:\Users\Admin\AppData\Local\Temp\q.exe"

C:\Users\Admin\AppData\Local\Temp\q.exe

"C:\Users\Admin\AppData\Local\Temp\q.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\DismountBackup.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778

C:\Program Files\Internet Explorer\ieinstal.exe

"C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff662e17688,0x7ff662e17698,0x7ff662e176a8

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe

"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Program Files\Common Files\microsoft shared\ink\mip.exe

"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe

"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe

"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\bin\schemagen.exe

"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Program Files\Java\jdk-1.8\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Program Files\Java\jdk-1.8\bin\serialver.exe

"C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Program Files\Java\jdk-1.8\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Program Files\Java\jre-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Java\jre-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Program Files\Internet Explorer\iediagcmd.exe

"C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

"C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe

C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Program Files\Java\jdk-1.8\bin\wsgen.exe

"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Program Files\Java\jdk-1.8\bin\wsimport.exe

"C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Program Files\Java\jdk-1.8\bin\xjc.exe

"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\bin\jar.exe

"C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Internet Explorer\ielowutil.exe

"C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Program Files\Java\jdk-1.8\bin\jps.exe

"C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Program Files\Internet Explorer\ExtExport.exe

"C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\javac.exe

"C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff76dd87688,0x7ff76dd87698,0x7ff76dd876a8

C:\Program Files\Java\jdk-1.8\bin\javap.exe

"C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jdk-1.8\jre\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel

C:\Program Files\Java\jdk-1.8\bin\javah.exe

"C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9ca519758,0x7ff9ca519768,0x7ff9ca519778

C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Windows\system32\dxdiag.exe

"C:\Windows\system32\dxdiag.exe" /x C:\Users\Admin\AppData\Local\Temp\dxdiag.xml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:704 CREDAT:82945 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1808,i,1763004493103798826,14678414566664649849,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1800,i,343981427014570923,2616022874840194740,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1800,i,3358695664569048406,11683332378154179140,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1808,i,1763004493103798826,14678414566664649849,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1800,i,343981427014570923,2616022874840194740,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1800,i,3358695664569048406,11683332378154179140,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Program Files\Java\jre-1.8\bin\jjs.exe

"C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Program Files\Java\jre-1.8\bin\keytool.exe

"C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Program Files\Java\jre-1.8\bin\kinit.exe

"C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Program Files\Java\jre-1.8\bin\klist.exe

"C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Program Files\Java\jre-1.8\bin\ktab.exe

"C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Program Files\Java\jre-1.8\bin\orbd.exe

"C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Program Files\Java\jre-1.8\bin\pack200.exe

"C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

"C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Program Files\Microsoft Office\root\Office16\msotd.exe

"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

"C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

"C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Program Files\Microsoft Office\root\Office16\msoev.exe

"C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

"C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe

"C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

"C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe

"C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

"C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe

"C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Program Files\Java\jre-1.8\bin\policytool.exe

"C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Program Files\Java\jre-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Program Files\Java\jre-1.8\bin\servertool.exe

"C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Program Files\Java\jre-1.8\bin\unpack200.exe

"C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe

"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

"C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Program Files\Java\jre-1.8\bin\rmid.exe

"C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpUXSrv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCuiL.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MsMpEng.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\NisSrv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wabmig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\WinMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmprph.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Builder3D.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\AppxClickHandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.ResourceResolver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Solitaire.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteim.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\PeopleApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\PurchaseApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Time.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\WindowsCamera.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxAccounts.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe

OfficeC2RClient.exe /blockinstall

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\PilotshubApp.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe

"C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Program Files\Windows Media Player\wmplayer.exe

"C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Program Files\Windows Defender\MpUXSrv.exe

"C:\Program Files\Windows Defender\MpUXSrv.exe"

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe"

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Program Files\Mozilla Firefox\pingsender.exe

"C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

"C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Program Files\VideoLAN\VLC\uninstall.exe

"C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Program Files\Windows Photo Viewer\ImagingDevices.exe

"C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Program Files\Mozilla Firefox\plugin-container.exe

"C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Program Files\Mozilla Firefox\private_browsing.exe

"C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Program Files\Windows Defender\MsMpEng.exe

"C:\Program Files\Windows Defender\MsMpEng.exe"

C:\Program Files\Windows Defender\MpCmdRun.exe

"C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Program Files\Windows Defender\MSASCuiL.exe

"C:\Program Files\Windows Defender\MSASCuiL.exe"

C:\Program Files\Windows Defender\NisSrv.exe

"C:\Program Files\Windows Defender\NisSrv.exe"

C:\Program Files\Windows Defender\MSASCui.exe

"C:\Program Files\Windows Defender\MSASCui.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"

C:\Program Files\Windows Media Player\wmpshare.exe

"C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Program Files\Windows Mail\wab.exe

"C:\Program Files\Windows Mail\wab.exe"

C:\Program Files\Mozilla Firefox\updater.exe

"C:\Program Files\Mozilla Firefox\updater.exe"

C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

"C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Program Files\Windows Media Player\wmlaunch.exe

"C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

"C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Program Files\Windows NT\Accessories\wordpad.exe

"C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Program Files\Windows Media Player\wmpconfig.exe

"C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Program Files\Windows Media Player\wmprph.exe

"C:\Program Files\Windows Media Player\wmprph.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Program Files\Windows Mail\wabmig.exe

"C:\Program Files\Windows Mail\wabmig.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"

C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe

"C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe

"C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Windows Media Player\setup_wm.exe

"C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3896 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Maps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\SoundRec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.App.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\XboxApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\GameBar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\XboxIdp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\SpeechToTextOverlay64-Retail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Music.UI.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Video.UI.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Install\{B0E23D68-D2B9-47AC-9AA9-845E4FE2E1D3}\chrome_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\WinMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmprph.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\java.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\java.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaw.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Program Files (x86)\Google\Update\Install\{B0E23D68-D2B9-47AC-9AA9-845E4FE2E1D3}\chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{B0E23D68-D2B9-47AC-9AA9-845E4FE2E1D3}\chrome_installer.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Program Files (x86)\Windows Mail\wabmig.exe

"C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

"C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Program Files (x86)\Internet Explorer\ieinstal.exe

"C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaws.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_78000\javaws.exe"

C:\Program Files (x86)\Windows Media Player\wmlaunch.exe

"C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files (x86)\Windows Media Player\wmpshare.exe

"C:\Program Files (x86)\Windows Media Player\wmpshare.exe"

C:\Program Files (x86)\Windows Media Player\wmprph.exe

"C:\Program Files (x86)\Windows Media Player\wmprph.exe"

C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Program Files (x86)\Windows Mail\WinMail.exe

"C:\Program Files (x86)\Windows Mail\WinMail.exe"

C:\Program Files (x86)\Windows Media Player\wmpconfig.exe

"C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe

"C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe" -Embedding

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\DismountBackup.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe"

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=2180,i,10902467265398159017,16568171915158455518,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Program Files\Internet Explorer\ExtExport.exe

"C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Program Files\Internet Explorer\iediagcmd.exe

"C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Program Files\Internet Explorer\ielowutil.exe

"C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Program Files\Internet Explorer\ieinstal.exe

"C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Program Files\Java\jdk-1.8\bin\jar.exe

"C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\bin\javac.exe

"C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Program Files\Java\jdk-1.8\bin\javah.exe

"C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Program Files\Java\jdk-1.8\bin\javap.exe

"C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe

"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Program Files\Common Files\microsoft shared\ink\mip.exe

"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe

"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe

"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe"

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Program Files\Java\jdk-1.8\bin\jps.exe

"C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Program Files\Java\jre-1.8\bin\policytool.exe

"C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Program Files\Java\jdk-1.8\bin\schemagen.exe

"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Java\jdk-1.8\bin\wsgen.exe

"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Program Files\Java\jre-1.8\bin\jjs.exe

"C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Program Files\Java\jre-1.8\bin\keytool.exe

"C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Program Files\Java\jdk-1.8\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Program Files\Java\jre-1.8\bin\klist.exe

"C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

"C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Program Files\Java\jre-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Program Files\Java\jdk-1.8\bin\xjc.exe

"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.238:443 apis.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 26.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 hl2rcv.adobe.com udp
US 192.147.130.244:443 hl2rcv.adobe.com tcp
US 8.8.8.8:53 244.130.147.192.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 1.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 2.22.96.153:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.f.0.0.0.0.0.e.ip6.arpa udp
US 8.8.8.8:53 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 153.96.22.2.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.9.0.6.6.1.2.0.ip6.arpa udp
US 8.8.8.8:53 0.0.0.0.c.5.b.d.0.0.0.0.c.5.0.7.0.0.0.0.d.c.c.d.1.0.0.0.0.0.f.7.ip6.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.8.0.0.0.0.0.0.0.8.1.0.0.0.0.0.0.0.0.f.5.d.d.5.e.0.c.ip6.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 44.237.65.238:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 238.65.237.44.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 93.243.107.34.in-addr.arpa udp
US 8.8.8.8:53 209.100.149.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 beacons3.gvt2.com udp
GB 216.58.213.3:443 beacons3.gvt2.com tcp
GB 216.58.213.3:443 beacons3.gvt2.com udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 191.144.160.34.in-addr.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 82.221.107.34.in-addr.arpa udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 16.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
N/A 224.0.0.251:5353 udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 remoteassistance.support.services.microsoft.com udp
GB 23.49.163.97:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 97.163.49.23.in-addr.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 251.0.0.224.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
US 34.107.221.82:80 detectportal.firefox.com tcp
NL 23.62.61.184:443 metadata.templates.cdn.office.net tcp
GB 52.109.32.7:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
NL 23.62.61.184:443 metadata.templates.cdn.office.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 184.61.62.23.in-addr.arpa udp
GB 23.49.163.97:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 7.32.109.52.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp
GB 23.49.163.97:443 remoteassistance.support.services.microsoft.com tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 202.138.73.23.in-addr.arpa udp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
GB 23.73.138.202:443 binaries.templates.cdn.office.net tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI45122\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI45122\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI45122\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI45122\select.pyd

MD5 92b440ca45447ec33e884752e4c65b07
SHA1 5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

C:\Users\Admin\AppData\Local\Temp\_MEI45122\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI45122\unicodedata.pyd

MD5 16be9a6f941f1a2cb6b5fca766309b2c
SHA1 17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

C:\Users\Admin\AppData\Local\Temp\_MEI45122\_decimal.pyd

MD5 3055edf761508190b576e9bf904003aa
SHA1 f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256 e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

C:\Users\Admin\AppData\Local\Temp\_MEI45122\_bz2.pyd

MD5 223fd6748cae86e8c2d5618085c768ac
SHA1 dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256 f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

C:\Users\Admin\AppData\Local\Temp\_MEI45122\_socket.pyd

MD5 dc06f8d5508be059eae9e29d5ba7e9ec
SHA1 d666c88979075d3b0c6fd3be7c595e83e0cb4e82
SHA256 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a
SHA512 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

C:\Users\Admin\AppData\Local\Temp\_MEI45122\_lzma.pyd

MD5 05e8b2c429aff98b3ae6adc842fb56a3
SHA1 834ddbced68db4fe17c283ab63b2faa2e4163824
SHA256 a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c
SHA512 badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

C:\Users\Admin\AppData\Local\Temp\_MEI45122\_hashlib.pyd

MD5 eedb6d834d96a3dffffb1f65b5f7e5be
SHA1 ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

memory/2396-28-0x0000000000EA0000-0x0000000000EAE000-memory.dmp

memory/964-30-0x000000001B270000-0x000000001B2D6000-memory.dmp

memory/964-32-0x0000000002800000-0x0000000002834000-memory.dmp

memory/964-31-0x00000000027B0000-0x00000000027E6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 5bd603aa970502579fbc84e65f790849
SHA1 73a4d8ae9944eccc6f00cf26d49d7e4a24a916a8
SHA256 92436d46bd8230874ccca80b504d31b1952cbcafb0a8e40351ee9983a45eea53
SHA512 0c1d1ed1999a413ddab7a7930b4b1c7643ce7e62a39a535034e01159f4ef3f467860cc2d8170c9c63305fd755157a1b67008a4eb2dd5a35af53323e4f22cd99e

C:\Users\Admin\AppData\Local\Temp\7z759CB580\Uninst.exe

MD5 ad782ffac62e14e2269bf1379bccbaae
SHA1 9539773b550e902a35764574a2be2d05bc0d8afc
SHA256 1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8
SHA512 a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

memory/5540-93-0x00007FF6A1E50000-0x00007FF6A1ED3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

MD5 4e94f228db2e2f8a6498a5d87866656f
SHA1 c5c9851a1b554c04435d66c26ad0b86758d1232e
SHA256 587943fe005426ad5e53cfc8b0d687e8eb76708409dc94fecc3c9213b25a1998
SHA512 6c60f81b420ef63a5b7d8b1cc85618b5291be1932955cb99d701472923922280c55ba1a56825e80c58f476a1c7b4d1217ac987f00f4344ef472de62315bd08bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 acdad9483d3f27ed7e86c7f0116d8ad9
SHA1 dd2cfd176ad33d12ba7e6d260e1069b1dd4490c4
SHA256 bff5b4fff4b34ed3ea2754985b5ba1a8d6921517b0fa370f71f37ee0845552ba
SHA512 6e3ab4b6cfa73a7ad3c36fa621b1d2817b26e8e3613b78a40df6691d65e1486e6c2281efa0f8d3f30d2c6647b7ba3430a8be77df770f1cc575e8db76be6836a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 887f1e9ea4ab2d2838055f91659daefd
SHA1 69585a2fb6a6586db44aa35c03a5e5af8ae8c251
SHA256 c515951a94f51d2a8e4fcc5118dce59dd4436021dfc2549cdf17208e65ada428
SHA512 48d400bfa15af8c3b30246a41f13ce754aa778b239858ecfcd15450e09e4610163193e582b2d7f1012b06389fe5724cb8e19e5046485cbd45238017f3f922fdd

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 b4ae0c43c1384ec6fa598ebffc6962dc
SHA1 a36a48e9920a7b0c35862026e01561c7f3ba5d7f
SHA256 c128a221d96b7da86c410029d8c73fae3f9d5d77ef32be78a67d4c07ad37913c
SHA512 7c85f1e2b3e148ff623918a5bb3ed657e7f1cfabf90fc7a080f1fd56614004a71394390888a8ca6ec1f7a1bbdf68e72af28e50c343bbb5449b29e426961a3e13

memory/516-284-0x0000023BA8340000-0x0000023BA8341000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 afbdf1d3711afa11f990ec5f804fb723
SHA1 5f62f6fedcebad7dd4df83b28340f5e074f84f11
SHA256 15c4ed6448c7dd9c2c04c20eee5da17a227f624cb454db8ef46c2bb69c164ead
SHA512 c6b7a6de0d67908a1a339e0be59cb4a554640bd13dacc4cdf13548fba7a4d84b5a7c1534a30f7889ac05142f7cb5ba3bf71c39e35883a79673ab57cdb4169f2a

memory/2596-210-0x000001958BA70000-0x000001958BA71000-memory.dmp

memory/5300-313-0x000002A6AD3D0000-0x000002A6AD3D1000-memory.dmp

memory/5316-314-0x000001490D410000-0x000001490D411000-memory.dmp

memory/4992-260-0x0000025B18500000-0x0000025B18501000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 724940f0adc86d7a35c1d47c546b80aa
SHA1 46a842cd13646c92ae6859eaaa7bf6b874341b63
SHA256 0769381204dea0501937698ae42e3eb875df8f97a63205858526ea8789dc4a33
SHA512 b8c5b43a35c68a8cb91a6ae3db466d55b7fbee13b8e7b331dd3404d3a727789a72a689af2598f5c5ac13cb6c74fa45842dabdee84adc0b2ead0b9e61c531c30f

memory/5192-379-0x000002AB23B50000-0x000002AB23B51000-memory.dmp

memory/5136-410-0x000001FE7E790000-0x000001FE7E791000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 58d82a79edcd59e8f41fe18d93ead2d9
SHA1 ebc9b52360f8bd245fb8ccb4fe51568a29c11d3b
SHA256 133a4e59a8ce177b4992bb9aab4bdad69a237200ba3565deea437864d2630cc6
SHA512 867c1d24b3142cf29963a5ab4698b7559dd6642bef492622628b272344cde3928d7ea98e8bd955d2d703ffdaabdaf536b08e774a8fa0bfb4e5832b9476f098b5

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 ef5ca915c52c9215c156f491846d53f2
SHA1 c7f086302e482b1036a27f57fb66c0db9adbf041
SHA256 f49aa9711d0a00a7cf5503881332c2d7e9e2c0d5cc2295b16e75d8797442e62e
SHA512 4fc74cbc152ddf1fd3975ae6a751c0d6697d8e2369e080329ac8e24d69513d0ccbb0807bd63f7594951fd367cf2cbb972069e394dcf4b0fb72564aceadf9291a

memory/5228-501-0x000001F345DC0000-0x000001F345DC1000-memory.dmp

memory/5316-442-0x000001490D410000-0x000001490D411000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 507c3cfa0ce272a3ee00d2a54033f0a3
SHA1 c12d9ccf5813e34f47d09a9b03eec4f104b8ad33
SHA256 8c4d8163929ddeb58c87a83f66c96eb9e33288dbc37c974d42575a4e27b138c0
SHA512 13f4077df404b099dca4ce4d8ec74697c5bd71eff7d43d1d9d5206b4e6f43e9ae3158cf0ff005653cf77accc3b632ff41a378faeaff5c3bd808881721f2fbbe8

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 83f2eee2d2d614810e1dee80a3243a86
SHA1 96a0fb0e46d2f1f84b80ca2a47973b02b93d1d61
SHA256 c0785fe73b7b6b4f5ba5a92e1b52aea5dcd0fc2ab34b675cf3d301e447be6130
SHA512 153a6f3f4836f43a8ab56caec700be8ddaba9a912d7611314d1a534667d1582988cd6fa1b9500291f912d358ccc985272a3e9dbbf7c593ca18f049bfb9ac15bc

memory/5340-486-0x0000021588DA0000-0x0000021588DA1000-memory.dmp

memory/5300-436-0x000002A6AD3D0000-0x000002A6AD3D1000-memory.dmp

memory/5388-471-0x0000016CADE00000-0x0000016CADE01000-memory.dmp

memory/5276-406-0x0000016A75FB0000-0x0000016A75FB1000-memory.dmp

memory/2596-399-0x000001958BA70000-0x000001958BA71000-memory.dmp

memory/516-398-0x0000023BA8340000-0x0000023BA8341000-memory.dmp

memory/5684-652-0x0000023C292C0000-0x0000023C292C1000-memory.dmp

memory/6320-627-0x0000022EB5D90000-0x0000022EB5D91000-memory.dmp

memory/5876-586-0x00000116833B0000-0x00000116833B1000-memory.dmp

memory/5860-584-0x0000023D20A40000-0x0000023D20A41000-memory.dmp

memory/5592-583-0x000002BAC43F0000-0x000002BAC43F1000-memory.dmp

memory/4588-608-0x00000232F42B0000-0x00000232F42B1000-memory.dmp

memory/5592-657-0x000002BAC43F0000-0x000002BAC43F1000-memory.dmp

memory/5860-626-0x0000023D20A40000-0x0000023D20A41000-memory.dmp

memory/5412-611-0x0000021FFA870000-0x0000021FFA871000-memory.dmp

memory/5684-607-0x0000023C292C0000-0x0000023C292C1000-memory.dmp

memory/5748-606-0x000001DA24340000-0x000001DA24341000-memory.dmp

memory/6320-605-0x0000022EB5D90000-0x0000022EB5D91000-memory.dmp

memory/5748-718-0x000001DA24340000-0x000001DA24341000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 94125a10e46d062a394b4343ee3ee90a
SHA1 4398221fdeba9f34b8d4721b538bc4e1deffb466
SHA256 0fd70ad3499a3fafeafcb0a81ce6b944604f24eb9880ecdd59afabffd286de89
SHA512 d74e069aafbedcefe75e1cb2ef13538e32dab91f27c9594274498d1d75eb356bdc34622e36d1a6375afc3694822c3c8d88df05be044c95b7b448673f21dd1306

memory/5448-680-0x000001D911460000-0x000001D911461000-memory.dmp

memory/5228-658-0x000001F345DC0000-0x000001F345DC1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 586696a99c15947b828a9a93f6383c33
SHA1 d342ab5bd47e43777c4752aa2108cb7819ccd1a6
SHA256 fc37599cbe5f2ffd6d8f01049d5860ad35e03ce8b315ff2fc19efc7f228cc368
SHA512 421ae8423711e2f350edca912b1571394f2087338428085aaadae125631239f7e207298b774f7d9518c1f0fbb7c9515e15925c74d083ab91524acf2bc26b66f1

memory/9128-729-0x000002362AF20000-0x000002362AF21000-memory.dmp

memory/5592-759-0x000002BAC43F0000-0x000002BAC43F1000-memory.dmp

memory/5500-758-0x000001D5B5720000-0x000001D5B5721000-memory.dmp

memory/5684-741-0x0000023C292C0000-0x0000023C292C1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 88ad90b2a5e00580c525cb55a3fde256
SHA1 c2857384a48f8d44c02987d961b482c97eb3a8b0
SHA256 c848b2d98b055c8f9f882cb7a788003494186ad8927018ab6843637ca9b2c98d
SHA512 08376c9ce4f8d1af3d8ccbb78131be083789c7f7da45c5cc74fdab46bf1ffeba0447ef798551cbc9bb2f8bf5614f1470c535954fb8f5413bb9b8c2f5e26296af

memory/6936-793-0x000001E3B1E50000-0x000001E3B1E51000-memory.dmp

memory/5228-728-0x000001F345DC0000-0x000001F345DC1000-memory.dmp

memory/5876-757-0x00000116833B0000-0x00000116833B1000-memory.dmp

memory/5412-756-0x0000021FFA870000-0x0000021FFA871000-memory.dmp

memory/2604-695-0x0000029E58580000-0x0000029E58581000-memory.dmp

memory/5268-721-0x000001BFBA810000-0x000001BFBA811000-memory.dmp

memory/5540-988-0x0000012A75670000-0x0000012A75832000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 118d3f1088557e592533a1d42f420e8c
SHA1 a536b2a1dd23a0fce637b532418947e61d55b37a
SHA256 c58f4caee1ea936e78bf7d6996efd7c9dd8d4e632266659cdc711b216c1b179d
SHA512 1bef35a4a0b8af834a0f7c4c11ffd00449b9d24d3628bfb6b1bd098e7c53f5a140e2628d97c657831030937319122bebdd119186caaa69ed3082813914c9e05b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 984ad336917104c375e9eabccdfd3d54
SHA1 653efd5e0f7bc64063c900e32c8247d9c76ab7f9
SHA256 d3628245efa215d188f2aa49b8cd5dc5aff77f082214a49c3fd85aa7be582c5d
SHA512 9741108c5ce59180a16b7f5180e4282b83b942c14e177f1ffa1d6e0805ef0f054efb5fbbb5f0af01f62f877ab0cebca512760eb4e44fb3b7d1a7b507e9dd37b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 09f87c1af9fe6ae86427d0369072d21e
SHA1 e85ed637301826be7216a56aeaebf578220871af
SHA256 6a725b91dac7661cfb8002051ef1de2bb6a536e2adb12a3b5719b7bec6fa3d0c
SHA512 5f382fe38ac2362a0a52ecb02f8e75755c96f5c59ad90d01c465da14261d5d55241b7bf2c3790150006bcb15453cb4fcb0cd45360f2aa43e8eae0413d6ec9b42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 ef36a84ad2bc23f79d171c604b56de29
SHA1 38d6569cd30d096140e752db5d98d53cf304a8fc
SHA256 e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831
SHA512 dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\da3182eb-67ee-404b-8d55-2287c12696ce.tmp

MD5 799117f2b916ed3f7df064f35a1917e7
SHA1 f318757386dfe637b2314e72467c00cb54f172eb
SHA256 a02e640b172ce4871d647bff80898dd691938931cb98f5117e9e2f43bc25c9d5
SHA512 788e7426585715818034f6fda36f67535b1eeee152b686e21a6c64b66185c413bc792475ce154631c787a12e97d4d9308779134c4e03b4eaba033b0839c2ec5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5e4d79b6a736ee9c12e72f26169a959c
SHA1 759d454d9a28879b78c3dbe258bcabe9103ed43f
SHA256 6a52c5c7a175386ffc340f50f18ae42c2b12468edb0f24b224d6d2a7ba5cb836
SHA512 1bf8fc85b8c54e12824c4588412ceca66014682d12c1ff3327d9eb03dd3e94db8bf5d05d23680d7ba04c62da1a98d95f8315ba0facaa62959d58bf2ad17600d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 dacf7c9a7530cc65102dbdf3ec61e63d
SHA1 a379e5dfcff584731b4290120e0743f0f6e607e7
SHA256 b8d79bd3cb82225e579929a43c1309609283f8d4261688f9fc8df522a2761b16
SHA512 716ab208c6b72350fd9fe94c89e3b7d5fc73c27964ce1ee290e58fe947d356b7f3322cf00901b5b344f8d110908e6040af810664438abec94a78241793860fc7

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 8a524dc0d66b57c2268c38679815253c
SHA1 19be5368f4571ddfb3ac9a5a3bccf2bd75427c24
SHA256 a3dee7805c7575c804b5b793ef70fdb6cb91e27ae1a6578662cc4437a627df0f
SHA512 b3ded4cd10fc41c798de172e4d1c66cdcd93629f01b72a2eb97f730b9f0d5eb3932562483c672735c8f3353126fafbe5221ce9269b542110455ae16a2db7bad0

memory/7772-1651-0x000001B854880000-0x000001B854888000-memory.dmp

memory/7772-1659-0x000001B86F910000-0x000001B8706A0000-memory.dmp

memory/7772-1661-0x000001B8548B0000-0x000001B8548BA000-memory.dmp

memory/7772-1664-0x000001B8548F0000-0x000001B854918000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 2aaedd025db8339c1acc6c228e3041fb
SHA1 aadd66dd68fa3bdcfa5dbd6c5325d790f4654140
SHA256 03474988d3cec89fb76d889a0afa872553b69c7ce6c5a943f12f52a7b2f5fed6
SHA512 b7532c5f6057c4e7bb1b93695ed6b382aa72c96277dc1661ac99966f856c4a5042d2a92bec1abdf6e249fd11d265d7b9cdffe1351cd50e49ed328a280f276a07

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 2ae0b90daa9de899f2de5af075f0e371
SHA1 3d2ed6a7de1815377e52aa4d08009dc227f9c373
SHA256 a677de8b704bd3a388c57754416b86438cee2ac3b4e1431001338ff492f8714f
SHA512 a67535f0421fc6d1d2d7c2b0859ac4eec4154cf30c1d6ddf7132164f36b8fd9d349361ade7330e6bf269a393c64ab2ac778e0088c6777940dfe91033a6e6a002

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 725d4b588234ac2148f1c1ddfee549a9
SHA1 4a62a12d2b47ebbfc7ca10262a20a8695c7366b8
SHA256 c579598a93b031f5687d623ef82877e79c08fb11ea5aa73d62cc90f97fb0cbbb
SHA512 a8473b4666bcc7cfd75e0d6e1464b537db1fa5215230a1bd9077e2ec5016e33e71383e3daff5da57107dfdfe7ea8b209394ed66dcfb3fbbc948727fa097a611a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c74541505fa89fd852c366db2c4c950b
SHA1 b1744f1610745d878d7665975bc6527cf43f7711
SHA256 6ffa30b03e090d2317526cc153b838721968c9d80ac9b1a8d45f6e54d1797e75
SHA512 8109ced2ab28d83f3bf10dbb8953ed15b01dc1b8c7893c2673d1aa4c8248fc8c195b228663b08bfc368de8568f864c02789581a055655b0be0caa7e615755fb6

memory/14564-1922-0x00007FF6A1E50000-0x00007FF6A1ED3000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_B40B160CC7E84BD796AA8C66D54A429B.dat

MD5 5b704e9f3713f8168f6d07fc3a49152a
SHA1 ef1a783dfc38b7f931ca1fc0d410c5c0bcdfdce2
SHA256 97f532c041c7c096635414984e71ef43decec63c66d0efdf959216e7b9ab9dda
SHA512 38a58175363adad4df3455f38b1ed60e8b7fb8b1e248efe99aeb3bc51632fc5ba2290ee539b8285512d59978e29b90986dbee7f0cb3f91a53f3747d62fd9b0cc

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 5a94549b874cf1c1af374f016a7a9c8c
SHA1 e3321bb884b36ba58eaef4a08c2efde3f1214cd6
SHA256 08f0578770229cb869d510be98dd24e93d332418c0a0f5fd43fa3a4cfec5e9ad
SHA512 111251b36d9563705a84e86f2a8865f0def0939aa9c66edabf1aa574873bca778cd8541c62d18a49a4e568fddb00b59148f11816b1323cd8910edf0a44bbc143

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 00cc09c9b847864e82259ec81698f37a
SHA1 1febe7696160b33e66295c7a0031046eb32582c2
SHA256 635a66c19cd5abdc890c20beee702c3641bab20ffc248705f90001819f97134f
SHA512 a3e3e785b0f580bb71375b18667b21ad9cde35ff3736233620bd36e017cf6a845744cfecf03da80d23c6b591d701dfb63ebeb2f2e971792fc4187ae80fe09731

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 716575e6bfdc9882b86878042fd9bd29
SHA1 ca557782764c525506cdf265521fd919f82a2bb9
SHA256 807152c0fde4a3d1945443618dc0eda0addec80adf3cb78cb86616598434f0ee
SHA512 5e8223d9a0b42da6d605a13c2554fe26e1631688204035a6e202bb002b687641d6e3fe71cc9176f6101fcc414675061c85fcc010a9c3aea3d2278f999bf350b9

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 231ab8306e5800b6cbc59ce55399ae1d
SHA1 ca112ebc80f13e85d7eba1977891ca25f1bb2342
SHA256 f3fb7ee6b2a2d6bd25be60f249629c7a877343681752c6190d5140af324de064
SHA512 2c1184f6417f199fe9d6aedb0b0fc86696320fdf9680cf67123b3c8eecf6de62f5284056c4c9373d023f5ac6bbbf19e7f8183b29e5a5091c8b5a90b8cd8b8f7b

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 e997d7d4fae2b424fb551b171ef4a535
SHA1 f9aba0d006ba9aaf7d33e7c50a044967e59e484c
SHA256 8a7ceea0885ebb23845c6e647d121c6d2ee0de117bbc18a3fd1e3a84c06e8594
SHA512 3825e69020c1941e1a60b0f6e0e46dc33819a304c61154c320808494305e9f4e5e8a2b1a8e0318a72b004364c95e43e744904f55aba7b1fe096169eef970e9b0

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 2fa2fe29d5df03c7d9eb4febd3377e0d
SHA1 0c2b77fefa70c3d213be4b9fe3930e1b4f874d52
SHA256 ab0bdd73dda689c9f18b9ea25de2a5687f4801e9499bacb7b9ff4be77c1f622c
SHA512 0dc4a5ac182634febe947abcc544721b887fe994a3585b90d0e9def0c62929a5a3cdab3d0ff59d7cb8fb91cd76a0f9ad5f6c0525b4ffe75f6a4185889fffaa2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\Telemetry.FailedProfileLocks.txt

MD5 a5771bce93e200c36f7cd9dfd0e5deaa
SHA1 5b384ce32d8cdef02bc3a139d4cac0a22bb029e8
SHA256 aea92132c4cbeb263e6ac2bf6c183b5d81737f179f21efdc5863739672f0f470
SHA512 caae34a5e81031268bcdaf6f1d8c04d37b7f2c349afb705b575966f63e2ebf0fd910c3b05160ba087ab7af35d40b7c719c53cd8b947c96111f64105fd45cc1b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\Telemetry.FailedProfileLocks.txt

MD5 d9d4f495e875a2e075a1a4a6e1b9770f
SHA1 fe2ef495a1152561572949784c16bf23abb28057
SHA256 25fc0e7096fc653718202dc30b0c580b8ab87eac11a700cba03a7c021bc35b0c
SHA512 9c3211509a9eee80f881f6b6666ab82df6bec222c84ba583c5bb636a0a0d811d850524e9adba61950e09fcd06ffacdd0ee164220ac09a2319b2f35db219fc8c9

C:\Users\Admin\Documents\Scanned Documents\Welcome Scan.jpg

MD5 73d4281e46a68222934403627e5b4e19
SHA1 0f1c29cea7ea24ebb75c95114e0b0d26438e1d39
SHA256 aac4ac970ec47cd95dc7c65d7d38d29c1f948be24d5dad1d5aa21053125367c7
SHA512 bb7aad10e5accd3f5c0f6b2968973034a2f7c2523401eb234b2de0cdad2dc13f4fd58d08ece94ec06420a52b3d371ba832f8fb4741f48799703bdf32a4daf555

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3e39804b1f60013dfc12594323a11962
SHA1 d67dab2626075babb8ab963aff00f761fb01baab
SHA256 e3408cd57d587d3670250915baf2c90326a34d62d06d836f5c42f795e50b1048
SHA512 aaf41bea8ba8a75f90c56f70fcef08df273a34303225eb69deb72f49b686e76adbbf6cb6d8909c3a096f077b89682966fd7f283e1031a58de3b836cbd1caf2b5

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar

MD5 4f9f42a2c5524bf0ce187c5dcb517b89
SHA1 b54ff1e485ee0605753e23f254e288f9a79cc59d
SHA256 e271e41f800f3f25e0f9fe212f2e31e6a57b74d28b89fd3425deb42a6a1b411a
SHA512 45eb73dae61b6cb855a33966b6c3f1f064a15714761e3075eda105f72adf3780b05dbfbcca75fb47734ca47bb6abe4a1db075d30b1db748ffca11d9928d6cdbc

memory/32264-3508-0x0000000000AB0000-0x0000000000B24000-memory.dmp

memory/32280-3509-0x00000000002E0000-0x0000000000310000-memory.dmp

memory/32264-3510-0x0000000005750000-0x0000000005C4E000-memory.dmp

memory/32264-3511-0x0000000005140000-0x00000000051D2000-memory.dmp

memory/32264-3512-0x00000000050E0000-0x00000000050EA000-memory.dmp

memory/32280-3518-0x0000000002910000-0x000000000291A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a94a6cdb93fdba0e8394b1f6507457d7
SHA1 ea50fd15a642ce8b81c738e0b76fa52b80e8c643
SHA256 9119d69621527843343ed881e5c40573b1271ce2abf6d2eb8bc80340d0ce4d53
SHA512 82a5cb03514b521ec2530c2d98613263ebb537b3504b717c0b14a251f009f285ed1b677eab7c54d2d7545670dbc4870734d73acf34f5f79763e60ceee438545a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

MD5 23d0b4f907ccad0972b69181a04db56a
SHA1 f54b23779ebe95af3998273b3c8652339ddfc61e
SHA256 894e96f539866e3775034995e2209402f803fb4f8e308a3be727ae5219bbe7e2
SHA512 4b4da971b024208df2352d2968a944cf61278b917b994a961dfd351f53dfd753d9f5ac1638c8dd90a6c584187b2951c2733b67b31ca615f8971cf36e85027180

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

MD5 9de7a4addef25cfe78c3772e3d10715b
SHA1 9184de92b5c547eb087d46b80134428be69fed69
SHA256 1fa16e67841270dbfe61ea4f2eb1cf4ecd18f1edb99d0cb267ff47d53f0d62ac
SHA512 b6b412c35c42d61e96564f9011401e5117a97e6cece682ac452ac0e7371a90e2982a3ea9d8806923bb9d6276e82ddea1041f4c0e349a2b876d6ae721c3679143

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\c28ee0ef-84b5-4a2f-a398-9210e6e0ae5a

MD5 60bb23342f0345a7b56c321a2d182ee5
SHA1 5f144b2a5482f085f08d7cf51e9d42a51f402af6
SHA256 8ece3a48b8b5d9f7b096092b3a0351b99d98b8386f9fce3055b16804f9982deb
SHA512 96c87003ef20217a4d99c81d25c50fe39cc2e749b37111f0d18fef4a18ed79c3db3d9498da20c9a33e5a3c20f0aac79897bd5890896c61e15505f74931ea9ff3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\609721c8-99ac-4537-8d8f-75b18de7b40b

MD5 d00658cb122b89179b63452dfab0ae02
SHA1 afcc34ffded7d1dcb76d6cdeb89c17d1098cd18c
SHA256 5ac07059fef708c02aec0ba4049c9fa272582b105a72a64a05a5c6731e7d0197
SHA512 0d0f3a4d1d06b187fecf90862e7e1f904dd20424948387a44dde5383bde62ecee7d3141cade47e39495c059398641b6001344c660ca31988fe62f9cf65a7a69f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

MD5 2292aecc05723d8e1449cc03217bb4b0
SHA1 58d4bfe2afdfbe1217396fa0ae5187dc252e04a9
SHA256 52d49c3a2a32d84835e4c41c93135be233347b7b7471665fe94d0bbedb284810
SHA512 0f704ccc4cd83e596d8a3f5e641104b177c461ae7b9fadb19e0977d3eaec3373642508246c364bd71e7ee0393b15307c2cd87737cd3be8b07b8b303e51e5401c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4b755edb430d3d1c6a4c2b3a8f7afe8b
SHA1 730d5c793d9465a08f3e1223e871ecdefe086923
SHA256 d26390dc7392713d13d59ae70f1b2f3ba1513c468092748973c216f5dbdb8f95
SHA512 dc7260b4c4abb52382cdd45c1efaf13f6df5f56c2b9cf08a5f5990f14e57038c7333ac96634579f9cf18306a2067bf48b1e7355e95dc6df4754858008db2d176

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9d06586f2c194a505b40c9e56fcd957e
SHA1 3f735efdc9db36157704e5fccf900a7d171982d0
SHA256 edcff410f38b9fcaab0bd104524d82b915f49ade93149ec36da2be12a8444946
SHA512 4f96f6d7cb4378c2ea178503fc6a6e3fe0d40b6fa4aab4b246d9e08f63ff8eecc9e9d69f802cc6599389b494507ce17bea2d953cb1f1a8402a5aeb4df8686b15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1ef2ac112fa1899a91a565994ae9a3cd
SHA1 13f39e99528c6c8ff50b9755565e5aa7e63fc4b9
SHA256 a4854777451a250014197a8c0757b7e9034f4901ab115ae204ef672c6ee9ed78
SHA512 04d75aae1f7fea4a8ba99536b508dcf8cad86d59b602c0909f40b279e71dfc150f3a37fa03d95ce904e0b0f578daf64b5ea15c8e5d6783e85f43f56d0b3f49fc

memory/32264-4146-0x0000000005C50000-0x0000000005E08000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

memory/32264-4147-0x0000000005E10000-0x0000000006160000-memory.dmp

memory/32264-4148-0x00000000056F0000-0x0000000005702000-memory.dmp

memory/32264-4155-0x00000000066A0000-0x0000000006A5A000-memory.dmp

memory/25136-4153-0x00007FF97D700000-0x00007FF97D731000-memory.dmp

memory/32264-4157-0x0000000006A60000-0x0000000006D02000-memory.dmp

memory/32264-4158-0x0000000007090000-0x0000000007406000-memory.dmp

memory/32264-4156-0x0000000006330000-0x000000000637E000-memory.dmp

memory/25136-4151-0x000000001CF60000-0x000000001CF91000-memory.dmp

memory/32264-4195-0x0000000008110000-0x0000000008132000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8150efd902885364c997f75ebc40aae1
SHA1 d7ef54c8df4bbf79692198318a229f9e07580eb2
SHA256 278e5a0bcdc38c341a19d0940bb13d24bcca167c130c8821dd8cc9ecd10fbf23
SHA512 2d5da1fa8eb070450a876a29b56e13e62ea7c1ac98a2856eb9d2b877d209615b7b2b3c1fde145fae04c70ec179d2fd96e0fbbc49bf73196a867c1c7c410ec60e

C:\Windows\Installer\MSIC63D.tmp

MD5 67f23a38c85856e8a20e815c548cd424
SHA1 16e8959c52f983e83f688f4cce3487364b1ffd10
SHA256 f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40
SHA512 41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

memory/32264-4334-0x0000000008060000-0x000000000806A000-memory.dmp

memory/32264-4336-0x000000000A220000-0x000000000A22E000-memory.dmp

memory/32264-4335-0x000000000AAD0000-0x000000000AB3C000-memory.dmp

memory/26968-4490-0x000000001C860000-0x000000001CD44000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

MD5 ad4e69b51d4be80ee07953e6e7fa8d60
SHA1 518c9c370fb40c0effb17247ef2b8cdc270e2933
SHA256 7d07fb8323246b9bebbb4e34a8c8509b77918a227df8dd30db06eed4f325c219
SHA512 790fb675d9a0d0cbe58918d0e94633ea1c0e8fde5c3393154c0387cc1a547797ca03088f52e15efaa4f7fce29e7ec66b1c72dcd758d3b1e0e258b31bca8e6f6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

MD5 adc432340f128b91f4e453ad57fda02b
SHA1 d9f07d0800e97eccb27d7f09f6947692a68b44dc
SHA256 6c1b44bc7bd328b42d69fc372ef029500da16a336d75446eead8a7584a1cca1a
SHA512 3a771dc47000c1e5210e8b811d2741cd9cc1aeca871db75f211f6d2b45c4057222d03a98f5fa030315a5eecd0951411d1bb104062708558ea4411ce55acb3a2f

C:\Windows\Installer\MSIFFE0.tmp

MD5 be0b6bea2e4e12bf5d966c6f74fa79b5
SHA1 8468ec23f0a30065eee6913bf8eba62dd79651ec
SHA256 6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164
SHA512 dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b8313266f6aa131a256568f5a6f02ab5
SHA1 4f4ff0a8ff09af6a0b8c92ee554a85b13897a439
SHA256 b0e27aa6ce95d77fa48369d735d5f35f4b51ea3296fe3861f8e05e17b9d5a2fa
SHA512 59ce23333876140085704841401c21c1bfd14da1c27b0555eba87d3a85e65bef6d0ef77d19de9a9226c3f77bd3dd6be9ef78f55dbef2340135c013be54242ce5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8a962076e8c732448eb69290f7232faa
SHA1 38c98f5765737de8cc1581ce18c1c75154534c53
SHA256 d690d5bab612496005da1709885f9bd62515d6112775bdca235c509302768172
SHA512 4b1d5c4eb4b1441cd3638eb91696ac5f86589a980db9b49062afd2bee39c346e2059b725c6b0a90253dbcfb170668a2f402bc9f15178cce81e42d67c77f91d2d

C:\Program Files\Google\Chrome\Application\SetupMetrics\5bb13ba3-a633-4456-8c59-84a3cf1f1fed.tmp

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

memory/376-6656-0x00007FF6A1E50000-0x00007FF6A1ED3000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 9a5bd17c9dfb7665edde0c3ac21dfcd8
SHA1 d362c18e037e0c8e2d8e21c9c13f5c9f0f7fd42b
SHA256 95f976ab855908c02330bcbae50fcc69dc6d803c29a9331b140d9be0c015ba0c
SHA512 e21d18d24228eec976247d513bb0f143a7b118d788140ddef6d0c85b3ffd492381976a35b65e95a2c50d9cbdf97431427f433c762870128dfa543e52a8f86ad2

C:\Users\Admin\AppData\Local\Temp\TCD8FE1.tmp\gb.xsl

MD5 51d32ee5bc7ab811041f799652d26e04
SHA1 412193006aa3ef19e0a57e16acf86b830993024a
SHA256 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA512 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

C:\Users\Admin\AppData\Local\Temp\cab9283.tmp

MD5 89a9818e6658d73a73b642522ff8701f
SHA1 e66c95e957b74e90b444ff16d9b270adab12e0f4
SHA256 f747dd8b79fc69217fa3e36fae0ab417c1a0759c28c2c4f8b7450c70171228e6
SHA512 321782b0b633380da69bd7e98aa05be7fa5d19a131294cc7c0a598a6a1a1aef97ab1068427e4223aa30976e3c8246ff5c3c1265d4768fe9909b37f38cbc9e60d

C:\Users\Admin\AppData\Local\Temp\cab9296.tmp

MD5 e3c64173b2f4aa7ab72e1396a9514bd8
SHA1 774e52f7e74b90e6a520359840b0ca54b3085d88
SHA256 16c08547239e5b969041ab201eb55a3e30ead400433e926257331cb945dff094
SHA512 7ed618578c6517ed967fb3521fd4dbed9cdfb7f7982b2b8437804786833207d246e4fcd7b85a669c305be3b823832d2628105f01e2cf30b494172a17fc48576d

C:\Users\Admin\AppData\Local\Temp\cab9294.tmp

MD5 0ebc45aa0e67cc435d0745438371f948
SHA1 5584210c4a8b04f9c78f703734387391d6b5b347
SHA256 3744bfa286cfcff46e51e6a68823a23f55416cd6619156b5929fed1f7778f1c7
SHA512 31761037c723c515c1a9a404e235fe0b412222cb239b86162d17763565d0ccb010397376fb9b61b38a6aebdd5e6857fd8383045f924af8a83f2c9b9af6b81407

C:\Users\Admin\AppData\Local\Temp\cab8E5B.tmp

MD5 4efa48ec307eaf2f9b346a073c67fcfb
SHA1 76a7e1234ff29a2b18c968f89082a14c9c851a43
SHA256 3ee9ae1f8dab4c498bd561d8fcc66d83e58f11b7bb4b2776df99f4cda4b850c2
SHA512 2705644d501d85a821e96732776f61641fe82820fd6a39ffaf54a45ad126c886dc36c1398cdbdbb5fe282d9b09d27f9bfe7f26a646f926da55dff28e61fbd696

C:\Users\Admin\AppData\Local\Temp\cab8E3A.tmp

MD5 abbf10cee9480e41d81277e9538f98cb
SHA1 f4ea53d180c95e78cc1da88cd63f4c099bf0512c
SHA256 557e0714d5536070131e7e7cdd18f0ef23fe6fb12381040812d022ec0fee7957
SHA512 9430daacf3ca67a18813ecd842be80155fd2de0d55b7cd16560f4aaefda781c3e4b714d850d367259caab28a3bf841a5cb42140b19cfe04ac3c23c358ca87ffb

C:\Users\Admin\AppData\Local\Temp\cab93F0.tmp

MD5 ef9cb8bdfbc08f03bef519ad66ba642f
SHA1 d98c275e9402462bf52a4d28faf57df0d232af6b
SHA256 93a2f873acf5bead4bc0d1cc17b5e89a928d63619f70a1918b29e5230abead8e
SHA512 4dfbdf389730370fa142dcfb6f7e1ac1c0540b5320fa55f94164c0693db06c21e6d4a1316f0abe51e51bcbdab3fd33ae882d9e3cfdb4385ab4c3af4c2536b0b3

C:\Users\Admin\AppData\Local\Temp\cab9455.tmp

MD5 b9a6ff715719ee9de16421ab983ca745
SHA1 6b3f68b224020cd4bf142d7edaaec6b471870358
SHA256 e3be3f1e341c0fa5e9cb79e2739cf0565c6ea6c189ea3e53acf04320459a7070
SHA512 062a765ac4602db64d0504b79be7380c14c143091a09f98a5e03e18747b2166bd862ce7ef55403d27b54ceb397d95bfae3195c15d5516786febdac6cd5fbf9cd

C:\Users\Admin\AppData\Local\Temp\cab94B6.tmp

MD5 8b29fab506fd65c21c9cd6fe6bbbc146
SHA1 ce1b8a57bb3c682f6a0afc32955dafd360720fdf
SHA256 773ac516c9b9b28058128ec9be099f817f3f90211ac70dc68077599929683d6f
SHA512 afa82ccbc0aef9fae4e728e4212e9c6eb2396d7330ccbe57f8979377d336b4dacf4f3bf835d04abcebcdb824b9a9147b4a7b5f12b8addadf42ab2c34a7450ade

C:\Users\Admin\AppData\Local\Temp\cab967F.tmp

MD5 748a53c6bdd5ce97bd54a76c7a334286
SHA1 7dd9eedb13ac187e375ad70f0622518662c61d9f
SHA256 9af92b1671772e8e781b58217dab481f0afbcf646de36bc1bffc7d411d14e351
SHA512 ec8601d1a0dbd5d79c67af2e90fad44bbc0b890412842bf69065a2c7cb16c12b1c5ff594135c7b67b830779645801da20c9be8d629b6ad8a3ba656e0598f0540

C:\Users\Admin\AppData\Local\Temp\cab967D.tmp

MD5 97f5b7b7e9e1281999468a5c42cb12e7
SHA1 99481b2fa609d1d80a9016adaa3d37e7707a2ed1
SHA256 1cf5c2d0f6188ffff117932c424cc55d1459e0852564c09d7779263abd116118
SHA512 ace9718d724b51fe04b900ce1d2075c0c05c80243ea68d4731a63138f3a1287776e80bd67ecb14c323c69aa1796e9d8774a3611fe835ba3ca891270de1e7fd1f

C:\Users\Admin\AppData\Local\Temp\cab9452.tmp

MD5 7c645ec505982fe529d0e5035b378ffc
SHA1 1488ed81b350938d68a47c7f0bce8d91fb1673e2
SHA256 298fd9dadf0acebb2aa058a09eebfae15e5d1c5a8982dee6669c63fb6119a13d
SHA512 9f410da5db24b0b72e7774b4cf4398edf0d361b9a79fbe2736a1ddd770afe280877f5b430e0d26147cca0524a54ea8b41f88b771f3598c2744a7803237b314b2

C:\Users\Admin\AppData\Local\Temp\cab9451.tmp

MD5 7bf88b3ca20eb71ed453a3361908e010
SHA1 f75f86557051160507397f653d7768836e3b5655
SHA256 e555a610a61db4f45a29a7fb196a9726c25772594252ad534453e69f05345283
SHA512 2c3dfb0f8913d1d8ff95a55e1a1fd58ce1f9d034268cd7bc0d2bf2dcefea8ef05dd62b9afde1f983cacadd0529538381632adfe7195eac19ce4143414c44dbe3

C:\Users\Admin\AppData\Local\Temp\cab971D.tmp

MD5 f913dd84915753042d856cec4e5daba5
SHA1 fb1e423c8d09388c3f0b6d44364d94d786e8cf53
SHA256 aa03afb681a76c86c1bd8902ee2bba31a644841ce6bcb913c8b5032713265578
SHA512 c48850522c809b18208403b3e721abeb1187f954045ce2f8c48522368171cc8faf5f30fa44f6762afde130ec72284bb2e74097a35fe61f056656a27f9413c6b6

C:\Users\Admin\AppData\Local\Temp\cab9450.tmp

MD5 d30ad26dbb6deca4fdd294f48edad55d
SHA1 ca767a1b6af72cf170c9e10438f61797e0f2e8ce
SHA256 6b1633dd765a11e7ed26f8f9a4dd45023b3e4adb903c934df3917d07a3856bff
SHA512 7b519f5d82ba0da3b2effad3029c7cab63905d534f3cf1f7ea3446c42fa2130665ca7569a105c18289d65fa955c5624009c1d571e8960d2b7c52e0d8b42be457

C:\Users\Admin\AppData\Local\Temp\cab978C.tmp

MD5 c47e3430af813df8b02e1cb4829dd94b
SHA1 35f1f1a18aa4fd2336a4ea9c6005dbe70013c7fc
SHA256 f2db1e60533f0d108d5fb1004904c1f2e8557d4493f3b251a1b3055f8f1507a3
SHA512 6f8904e658eb7d04c6880f7cc3ec63fcfe31ef2c3a768f4ecf40b115314f23774daee66dce9c55faf0ad31075a3ac27c8967fd341c23c953ca28bdc120997287

C:\Users\Admin\AppData\Local\Temp\cab9BDC.tmp

MD5 1c12315c862a745a647dad546eb4267e
SHA1 b3fa11a511a634eec92b051d04f8c1f0e84b3fd6
SHA256 4e2e93ebac4ad3f8690b020040d1ae3f8e7905ab7286fc25671e07aa0282cac0
SHA512 ca8916694d42bac0ad38b453849958e524e9eed2343ebaa10df7a8acd13df5977f91a4f2773f1e57900ef044cfa7af8a94b3e2dce734d7a467dbb192408bc240

C:\Users\Admin\AppData\Local\Temp\cab9BCA.tmp

MD5 486cbcb223b873132ffaf4b8ad0ad044
SHA1 b0ec82cd986c2ab5a51c577644de32cfe9b12f92
SHA256 b217393fd2f95a11e2c594e736067870212e3c5242a212d6f9539450e8684616
SHA512 69a48bf2b1db64348c63fc0a50b4807fb9f0175215e306e60252fffd792b1300128e8e847a81a0e24757b5f999875da9e662c0f0d178071db4f9e78239109060

C:\Users\Admin\AppData\Local\Temp\cab9BB9.tmp

MD5 9a07035ef802bf89f6ed254d0db02ab0
SHA1 9a48c1962b5cf1ee37feec861a5b51ce11091e78
SHA256 6cb03cebab2c28bf5318b13eeee49fbed8dcedaf771de78126d1bfe9bd81c674
SHA512 be13d6d88c68fa16390b04130838d69cdb6169dc16af0e198c905b22c25b345c541f8fccd4690d88be89383c19943b34edc67793f5eb90a97cd6f6eccb757f87

C:\Users\Admin\AppData\Local\Temp\cab9BB7.tmp

MD5 66c5199cf4fb18bd4f9f3f2ccb074007
SHA1 ba9d8765ffc938549cc19b69b3bf5e6522fb062e
SHA256 4a7dc4ed098e580c8d623c51b57c0bc1d601c45f40b60f39bba5f063377c3c1f
SHA512 94c434a131cde47cb64bcd2fb8af442482f8ecfa63d958c832eca935deb10d360034ef497e2ebb720c72b4c1d7a1130a64811d362054e1d52a441b91c46034b0

C:\Users\Admin\AppData\Local\Temp\cab9BA5.tmp

MD5 e532038762503ffa1371df03fa2e222d
SHA1 f343b559ae21daef06cbcd8b2b3695de1b1a46f0
SHA256 5c70dd1551eb8b9b13efafeeaf70f08b307e110caee75ad9908a6a42bbccb07e
SHA512 e0712b481f1991256a01c3d02ed56645f61aa46eb5de47e5d64d5ecd20052cda0ee7d38208b5ee982971cca59f2717b7cae4dfcf235b779215e7613aa5dcd976

C:\Users\Admin\AppData\Local\Temp\cabA3C5.tmp

MD5 e29ce2663a56a1444eaa3732ffb82940
SHA1 767a14b51be74d443b5a3feff4d870c61cb76501
SHA256 3732eb6166945db2bf792da04199b5c4a0fb3c96621ecbfdeaf2ea1699ba88ee
SHA512 6bc420f3a69e03d01a955570dc0656c83c9e842c99cf7b429122e612e1e54875c61063843d8a24db7ec2035626f02ddabf6d84fc3902184c1eff3583dbb4d3d8

C:\Users\Admin\AppData\Local\Temp\cabA3C4.tmp

MD5 84d8f3848e7424cbe3801f9570e05018
SHA1 71d7f2621da8b295ce6885f8c7c81016d583c6b1
SHA256 b4bc3cd34bd328aaf68289cc0ed4d5cf8167f1ee1d7be20232ed4747ff96a80a
SHA512 e27873bfd95e464cb58b3855f2da404858b935530cf74c7f86ff8b3fc3086c2faea09fa479f0ca7b04d87595ed8c4d07d104426ff92dfb31bed405fa7a017da8

C:\Users\Admin\AppData\Local\Temp\cabA3B1.tmp

MD5 21437897c9b88ac2cb2bb2fef922d191
SHA1 0cad3d026af2270013f67e43cb44f0568013162d
SHA256 372572dcbad590f64f5d18727757cbdf9366dde90955c79a0fcc9f536dab0384
SHA512 a74da3775c19a7af4a689fa4d920e416ab9f40a8bda82ccf651ddb3eacbc5e932a120abf55f855474cebed0b0082f45d091e211aaea6460424bfd23c2a445cc7

C:\Users\Admin\AppData\Local\Temp\cabA501.tmp

MD5 f93364eec6c4ffa5768de545a2c34f07
SHA1 166398552f6b7f4509732e148f93e207dd60420b
SHA256 296b915148b29751e68687ae37d3fafd9ffddf458c48eb059a964d8f2291e899
SHA512 4f0965b4c5f543b857d9a44c7a125ddd3e8b74837a0fdd80c1fdc841bf22fc4ce4adb83aca8aa65a64f8ae6d764fa7b45b58556f44cfce92bfac43762a3bc5f4

C:\Users\Admin\AppData\Local\Temp\cabA3B0.tmp

MD5 65828dc7be8ba1ce61ad7142252acc54
SHA1 538b186eaf960a076474a64f508b6c47b7699dd3
SHA256 849e2e915aa61e2f831e54f337a745a5946467d539ccbd0214b4742f4e7e94ff
SHA512 8c129f26f77b4e73bf02de8f9a9f432bb7e632ee4abad560a331c2a12da9ef5840d737bfc1ce24fdcbb7ef39f30f98a00dd17f42c51216f37d0d237145b8de15

C:\Users\Admin\AppData\Local\Temp\cabA3AE.tmp

MD5 ee0129c7cc1ac92bbc3d6cb0f653fcae
SHA1 4abaa858176b349bdab826a7c5f9f00ac5499580
SHA256 345aa5ca2496f975b7e33c182d5e57377f8b740f23e9a55f4b2b446723947b72
SHA512 cddabe701c8cba5bd5d131abb85f9241212967ce6924e34b9d78d6f43d76a8de017e28302ff13ce800456ad6d1b5b8ffd8891a66e5be0c1e74cf19df9a7ad959

C:\Users\Admin\AppData\Local\Temp\cabA66A.tmp

MD5 d4eac009e9e7b64b8b001ae82b8102fa
SHA1 d8d166494d5813db20ea1231da4b1f8a9b312119
SHA256 8b0631da4dc79e036251379a0a68c3ba977f14bcc797ba0eb9692f8bb90ddb4d
SHA512 561653f9920661027d006e7def7fb27de23b934e4860e0df78c97d183b7cebd9dce0d395e2018eef1c02fc6818a179a661e18a2c26c4180afee5ef4f9c9c6035