Malware Analysis Report

2024-11-30 13:31

Sample ID 240604-q6jftshf2x
Target q.exe
SHA256 f9e5e1df07eb55a62dbee2ac0188c4b0497f3878219059b2a65c13701529c744
Tags
pyinstaller discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

f9e5e1df07eb55a62dbee2ac0188c4b0497f3878219059b2a65c13701529c744

Threat Level: Shows suspicious behavior

The file q.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

pyinstaller discovery

Loads dropped DLL

Modifies file permissions

Detects Pyinstaller

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 13:52

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 13:52

Reported

2024-06-04 13:55

Platform

win10-20240404-en

Max time kernel

3s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\q.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\q.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\q.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4384 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Users\Admin\AppData\Local\Temp\q.exe
PID 4384 wrote to memory of 2744 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Users\Admin\AppData\Local\Temp\q.exe
PID 2744 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4756 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 3604 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1352 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1376 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1344 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4288 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4224 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 4568 wrote to memory of 1716 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
PID 4568 wrote to memory of 1716 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
PID 2744 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4512 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 1344 wrote to memory of 4564 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
PID 1344 wrote to memory of 4564 N/A C:\Windows\system32\cmd.exe C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
PID 2744 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4284 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 712 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 2128 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe
PID 2744 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\q.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\q.exe

"C:\Users\Admin\AppData\Local\Temp\q.exe"

C:\Users\Admin\AppData\Local\Temp\q.exe

"C:\Users\Admin\AppData\Local\Temp\q.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe

"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Program Files\Java\jdk-1.8\bin\jar.exe

"C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Program Files\Java\jdk-1.8\bin\javac.exe

"C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe"

C:\Program Files\Java\jdk-1.8\bin\javah.exe

"C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe"

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Program Files\Java\jdk-1.8\bin\javap.exe

"C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\updater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MpUXSrv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MSASCuiL.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\MsMpEng.exe"

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\NisSrv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\wabmig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Mail\WinMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmprph.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Builder3D.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\AppxClickHandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\3DViewer.ResourceResolver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Office16\OfficeHubWin32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Solitaire.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteim.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\onenoteshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\PeopleApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\PurchaseApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\Microsoft.Wallet.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Time.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\WindowsCamera.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxAccounts.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxMail.exe"

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\PilotshubApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Maps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\SoundRec.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\WinStore.App.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\XboxApp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\GameBar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\XboxIdp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\SpeechToTextOverlay64-Retail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Music.UI.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Video.UI.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\java.exe"

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaw.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Google\Update\Install\{16192F7A-F8D4-4DCE-BE88-BF122FCFADB8}\chrome_installer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

"C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Mail\WinMail.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmprph.exe"

C:\Program Files\Java\jdk-1.8\bin\jps.exe

"C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Media Player\wmpshare.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk"

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk"

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk"

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk"

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk"

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk"

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Upload Center.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Dashboard for Office.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetry Log for Office.lnk"

C:\Program Files\Java\jdk-1.8\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\bin\schemagen.exe

"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe"

C:\Program Files\Java\jre-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jre-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jre-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jre-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jre-1.8\bin\java.exe

"C:\Program Files\Java\jre-1.8\bin\java.exe"

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe"

C:\Program Files\Java\jre-1.8\bin\jjs.exe

"C:\Program Files\Java\jre-1.8\bin\jjs.exe"

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"

C:\Program Files\Java\jre-1.8\bin\policytool.exe

"C:\Program Files\Java\jre-1.8\bin\policytool.exe"

C:\Program Files\Java\jre-1.8\bin\klist.exe

"C:\Program Files\Java\jre-1.8\bin\klist.exe"

C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe"

C:\Program Files\Java\jre-1.8\bin\servertool.exe

"C:\Program Files\Java\jre-1.8\bin\servertool.exe"

C:\Program Files\Java\jre-1.8\bin\rmid.exe

"C:\Program Files\Java\jre-1.8\bin\rmid.exe"

C:\Program Files\Java\jre-1.8\bin\unpack200.exe

"C:\Program Files\Java\jre-1.8\bin\unpack200.exe"

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe

"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"

C:\Program Files\Microsoft Office\root\Integration\Integrator.exe

"C:\Program Files\Microsoft Office\root\Integration\Integrator.exe"

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe

"C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe

"C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe"

C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe

"C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe"

C:\Program Files\Microsoft Office\root\Office16\msoev.exe

"C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Program Files\Microsoft Office\root\Office16\msotd.exe

"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Program Files\Microsoft Office\root\Office16\msoia.exe

"C:\Program Files\Microsoft Office\root\Office16\msoia.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7z.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Program Files\Common Files\microsoft shared\ink\mip.exe

"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe

"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe

"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\7zG.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Program Files\Internet Explorer\ExtExport.exe

"C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Program Files\Windows Defender\MSASCui.exe

"C:\Program Files\Windows Defender\MSASCui.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe"

C:\Program Files (x86)\Windows Mail\wabmig.exe

"C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe"

C:\Program Files\7-Zip\7z.exe

"C:\Program Files\7-Zip\7z.exe"

C:\Program Files\Windows Media Player\setup_wm.exe

"C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Internet Explorer\ielowutil.exe

"C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Program Files\Internet Explorer\iediagcmd.exe

"C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Program Files\Internet Explorer\ieinstal.exe

"C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Program Files\Java\jre-1.8\bin\pack200.exe

"C:\Program Files\Java\jre-1.8\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe"

C:\Program Files\Mozilla Firefox\plugin-container.exe

"C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe"

C:\Program Files\Mozilla Firefox\pingsender.exe

"C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Program Files (x86)\Google\Update\Install\{16192F7A-F8D4-4DCE-BE88-BF122FCFADB8}\chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{16192F7A-F8D4-4DCE-BE88-BF122FCFADB8}\chrome_installer.exe"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe

OfficeC2RClient.exe /blockinstall

C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe"

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe

"C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Program Files\Java\jdk-1.8\bin\wsimport.exe

"C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe

"C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"

C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe

"C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Program Files\Java\jre-1.8\bin\javaws.exe

"C:\Program Files\Java\jre-1.8\bin\javaws.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe

"C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe"

C:\Program Files\Java\jre-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jre-1.8\bin\tnameserv.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe

"C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe"

C:\Program Files\Microsoft Office\root\Office16\msoasb.exe

"C:\Program Files\Microsoft Office\root\Office16\msoasb.exe"

C:\Program Files\Windows Media Player\wmlaunch.exe

"C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe

"C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Program Files\Java\jre-1.8\bin\kinit.exe

"C:\Program Files\Java\jre-1.8\bin\kinit.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Program Files\Windows Defender\NisSrv.exe

"C:\Program Files\Windows Defender\NisSrv.exe"

C:\Program Files\Java\jdk-1.8\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Program Files\Java\jre-1.8\bin\keytool.exe

"C:\Program Files\Java\jre-1.8\bin\keytool.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaw.exe"

C:\Program Files\Mozilla Firefox\private_browsing.exe

"C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe"

C:\Program Files\Java\jre-1.8\bin\orbd.exe

"C:\Program Files\Java\jre-1.8\bin\orbd.exe"

C:\Program Files (x86)\Windows Mail\WinMail.exe

"C:\Program Files (x86)\Windows Mail\WinMail.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe"

C:\Program Files\Windows Media Player\wmpnetwk.exe

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe"

C:\Program Files\Windows Media Player\wmpnscfg.exe

"C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe

"C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe"

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Program Files\Java\jre-1.8\bin\ktab.exe

"C:\Program Files\Java\jre-1.8\bin\ktab.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe"

C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe

"C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe"

C:\Program Files (x86)\Windows Media Player\wmpshare.exe

"C:\Program Files (x86)\Windows Media Player\wmpshare.exe"

C:\Program Files\Mozilla Firefox\maintenanceservice.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"

C:\Program Files\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files\Java\jre-1.8\bin\ssvagent.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Program Files (x86)\Windows Media Player\wmprph.exe

"C:\Program Files (x86)\Windows Media Player\wmprph.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Windows Defender\MpUXSrv.exe

"C:\Program Files\Windows Defender\MpUXSrv.exe"

C:\Program Files\Windows Defender\MSASCuiL.exe

"C:\Program Files\Windows Defender\MSASCuiL.exe"

C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe

"C:\Program Files\Windows Defender\ConfigSecurityPolicy.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe"

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe"

C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe

"C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe"

C:\Program Files\Java\jdk-1.8\bin\serialver.exe

"C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Program Files (x86)\Internet Explorer\ExtExport.exe

"C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Program Files (x86)\Internet Explorer\iexplore.exe

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\SenseSampleUploader.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe"

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe"

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe

"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"

C:\Program Files\Windows Media Player\wmprph.exe

"C:\Program Files\Windows Media Player\wmprph.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbcbb59758,0x7ffbcbb59768,0x7ffbcbb59778

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail"

C:\Program Files (x86)\Windows Mail\wab.exe

"C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Program Files\Windows Mail\WinMail.exe

"C:\Program Files\Windows Mail\WinMail.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe"

C:\Program Files\Java\jdk-1.8\bin\wsgen.exe

"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe

"C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Program Files\Windows Mail\wab.exe

"C:\Program Files\Windows Mail\wab.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\java.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\java.exe"

C:\Program Files\Windows Media Player\wmpshare.exe

"C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

C:\Program Files\Windows Media Player\wmplayer.exe

"C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe

"C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"

C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe

"C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"

C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Program Files\Windows Defender\MpCmdRun.exe

"C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe"

C:\Program Files\Java\jdk-1.8\bin\xjc.exe

"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Program Files\Mozilla Firefox\updater.exe

"C:\Program Files\Mozilla Firefox\updater.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe"

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Windows Media Player\wmpconfig.exe

"C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Program Files\Windows Photo Viewer\ImagingDevices.exe

"C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Program Files\Java\jdk-1.8\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Program Files (x86)\Windows Media Player\wmlaunch.exe

"C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe

"C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe"

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe

"C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaws.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76921\javaws.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe"

C:\Program Files (x86)\Windows Media Player\wmpconfig.exe

"C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe"

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

"C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Program Files\Windows NT\Accessories\wordpad.exe

"C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java.exe"

C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe

"C:\Program Files\Windows Defender\Offline\OfflineScannerShell.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe"

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe"

C:\Program Files\Windows Defender\MsMpEng.exe

"C:\Program Files\Windows Defender\MsMpEng.exe"

C:\Program Files\VideoLAN\VLC\uninstall.exe

"C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Program Files\Windows Mail\wabmig.exe

"C:\Program Files\Windows Mail\wabmig.exe"

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff660147688,0x7ff660147698,0x7ff6601476a8

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe

"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe"

C:\Program Files\7-Zip\Uninstall.exe

"C:\Program Files\7-Zip\Uninstall.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbcbb59758,0x7ffbcbb59768,0x7ffbcbb59778

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -private-window

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -private-window

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files (x86)\Mozilla Maintenance Service\

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

OfficeClickToRun.exe platform=

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"

C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe

"C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe"

C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe

"C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"

C:\Program Files\Common Files\microsoft shared\ink\mip.exe

"C:\Program Files\Common Files\microsoft shared\ink\mip.exe"

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

"C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

"C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe

"C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

"C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Program Files\Internet Explorer\ExtExport.exe

"C:\Program Files\Internet Explorer\ExtExport.exe"

C:\Program Files\Internet Explorer\iediagcmd.exe

"C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"

C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe

"C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe"

C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe

"C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe" _?=C:\Program Files\Mozilla Firefox\uninstall\

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff76ae97688,0x7ff76ae97698,0x7ff76ae976a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --force-first-run

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7ffbcbb59758,0x7ffbcbb59768,0x7ffbcbb59778

C:\Users\Admin\AppData\Local\Temp\7z739F74F4\Uninst.exe

C:\Users\Admin\AppData\Local\Temp\7z739F74F4\Uninst.exe /N /D="C:\Program Files\7-Zip\"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --reset-config --reset-plugins-cache vlc://quit

C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"

C:\Windows\PrintDialog\PrintDialog.exe

"C:\Windows\PrintDialog\PrintDialog.exe"

C:\Windows\System32\Control.exe

"C:\Windows\System32\Control.exe"

C:\Windows\MiracastView\MiracastView.exe

"C:\Windows\MiracastView\MiracastView.exe"

C:\Windows\system32\cleanmgr.exe

"C:\Windows\system32\cleanmgr.exe"

C:\Windows\system32\dxdiag.exe

"C:\Windows\system32\dxdiag.exe" /x C:\Users\Admin\AppData\Local\Temp\dxdiag.xml

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbcbb59758,0x7ffbcbb59768,0x7ffbcbb59778

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe" -tab about

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1

C:\Windows\hh.exe

"C:\Windows\hh.exe" C:\Program Files\7-Zip\7-zip.chm

C:\Windows\system32\MdSched.exe

"C:\Windows\system32\MdSched.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\secpol.msc" /s

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" -Iskins

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Program Files\Internet Explorer\ieinstal.exe

"C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Program Files\Internet Explorer\ielowutil.exe

"C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

"C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe"

C:\Program Files\Java\jdk-1.8\bin\pack200.exe

"C:\Program Files\Java\jdk-1.8\bin\pack200.exe"

C:\Program Files\Java\jdk-1.8\bin\policytool.exe

"C:\Program Files\Java\jdk-1.8\bin\policytool.exe"

C:\Program Files\Java\jdk-1.8\bin\kinit.exe

"C:\Program Files\Java\jdk-1.8\bin\kinit.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\bin\xjc.exe

"C:\Program Files\Java\jdk-1.8\bin\xjc.exe"

C:\Program Files\Java\jdk-1.8\bin\rmid.exe

"C:\Program Files\Java\jdk-1.8\bin\rmid.exe"

C:\Program Files\Java\jdk-1.8\bin\schemagen.exe

"C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"

C:\Program Files\Java\jdk-1.8\bin\rmic.exe

"C:\Program Files\Java\jdk-1.8\bin\rmic.exe"

C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\bin\unpack200.exe

"C:\Program Files\Java\jdk-1.8\bin\unpack200.exe"

C:\Program Files\Java\jdk-1.8\bin\wsgen.exe

"C:\Program Files\Java\jdk-1.8\bin\wsgen.exe"

C:\Program Files\Java\jdk-1.8\bin\wsimport.exe

"C:\Program Files\Java\jdk-1.8\bin\wsimport.exe"

C:\Program Files\Java\jdk-1.8\bin\serialver.exe

"C:\Program Files\Java\jdk-1.8\bin\serialver.exe"

C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe

"C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe"

C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe

"C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe"

C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

"C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe"

C:\Program Files\Java\jdk-1.8\bin\klist.exe

"C:\Program Files\Java\jdk-1.8\bin\klist.exe"

C:\Program Files\Java\jdk-1.8\bin\ktab.exe

"C:\Program Files\Java\jdk-1.8\bin\ktab.exe"

C:\Program Files\Java\jdk-1.8\bin\orbd.exe

"C:\Program Files\Java\jdk-1.8\bin\orbd.exe"

C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

"C:\Program Files\Java\jdk-1.8\bin\extcheck.exe"

C:\Program Files\Java\jdk-1.8\bin\idlj.exe

"C:\Program Files\Java\jdk-1.8\bin\idlj.exe"

C:\Program Files\Java\jdk-1.8\bin\jar.exe

"C:\Program Files\Java\jdk-1.8\bin\jar.exe"

C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

"C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe"

C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

"C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe"

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"

C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe"

C:\Program Files\Java\jdk-1.8\bin\javac.exe

"C:\Program Files\Java\jdk-1.8\bin\javac.exe"

C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

"C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"

C:\Program Files\Java\jdk-1.8\bin\javah.exe

"C:\Program Files\Java\jdk-1.8\bin\javah.exe"

C:\Program Files\Java\jdk-1.8\bin\javap.exe

"C:\Program Files\Java\jdk-1.8\bin\javap.exe"

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

"C:\Program Files\Java\jdk-1.8\bin\javapackager.exe"

C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

"C:\Program Files\Java\jdk-1.8\bin\jstatd.exe"

C:\Program Files\Java\jdk-1.8\bin\keytool.exe

"C:\Program Files\Java\jdk-1.8\bin\keytool.exe"

C:\Program Files\Java\jdk-1.8\bin\servertool.exe

"C:\Program Files\Java\jdk-1.8\bin\servertool.exe"

C:\Program Files\Java\jdk-1.8\bin\javaw.exe

"C:\Program Files\Java\jdk-1.8\bin\javaw.exe"

C:\Program Files\Java\jdk-1.8\bin\jdb.exe

"C:\Program Files\Java\jdk-1.8\bin\jdb.exe"

C:\Program Files\Java\jdk-1.8\bin\javaws.exe

"C:\Program Files\Java\jdk-1.8\bin\javaws.exe"

C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

"C:\Program Files\Java\jdk-1.8\bin\jcmd.exe"

C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

"C:\Program Files\Java\jdk-1.8\bin\jdeps.exe"

C:\Program Files\Java\jdk-1.8\bin\jhat.exe

"C:\Program Files\Java\jdk-1.8\bin\jhat.exe"

C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

"C:\Program Files\Java\jdk-1.8\bin\jconsole.exe"

C:\Program Files\Java\jdk-1.8\bin\java.exe

"C:\Program Files\Java\jdk-1.8\bin\java.exe" -Xmx256M "-Djavafx.home=C:\Program Files\Java\jdk-1.8\bin" -classpath "C:\Program Files\Java\jdk-1.8\bin\..\lib\ant-javafx.jar;" com.sun.javafx.tools.packager.Main

C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

"C:\Program Files\Java\jdk-1.8\bin\jinfo.exe"

C:\Program Files\Java\jdk-1.8\bin\jstack.exe

"C:\Program Files\Java\jdk-1.8\bin\jstack.exe"

C:\Program Files\Java\jdk-1.8\bin\jstat.exe

"C:\Program Files\Java\jdk-1.8\bin\jstat.exe"

C:\Program Files\Java\jdk-1.8\bin\jjs.exe

"C:\Program Files\Java\jdk-1.8\bin\jjs.exe"

C:\Program Files\Java\jdk-1.8\bin\jmap.exe

"C:\Program Files\Java\jdk-1.8\bin\jmap.exe"

C:\Program Files\Java\jdk-1.8\bin\jps.exe

"C:\Program Files\Java\jdk-1.8\bin\jps.exe"

C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

"C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe"

C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

"C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11404.0.1169540198\614822128" -parentBuildID 20221007134813 -prefsHandle 1656 -prefMapHandle 1644 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {581863ed-0637-4c1e-8e34-79c5c6485560} 11404 "\\.\pipe\gecko-crash-server-pipe.11404" 1736 1de0add6a58 gpu

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"

C:\Windows\system32\msinfo32.exe

"C:\Windows\system32\msinfo32.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"

C:\Windows\system32\quickassist.exe

"C:\Windows\system32\quickassist.exe"

C:\Windows\system32\odbcad32.exe

"C:\Windows\system32\odbcad32.exe"

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe

"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"

C:\Program Files\Java\jre-1.8\bin\javacpl.exe

"C:\Program Files\Java\jre-1.8\bin\javacpl.exe" -tab update

C:\Windows\system32\msconfig.exe

"C:\Windows\system32\msconfig.exe"

C:\Program Files\Microsoft Office\root\Office16\msoev.exe

"C:\Program Files\Microsoft Office\root\Office16\msoev.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"

C:\Program Files\Microsoft Office\root\Office16\msotd.exe

"C:\Program Files\Microsoft Office\root\Office16\msotd.exe"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s

C:\Windows\system32\psr.exe

"C:\Windows\system32\psr.exe"

C:\Windows\system32\xpsrchvw.exe

"C:\Windows\system32\xpsrchvw.exe"

C:\Windows\system32\iscsicpl.exe

"C:\Windows\system32\iscsicpl.exe"

C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

C:\Windows\system32\SnippingTool.exe

"C:\Windows\system32\SnippingTool.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11404.1.679283393\39726111" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b0a91e2-8eea-4814-b3e2-1e387b3c316a} 11404 "\\.\pipe\gecko-crash-server-pipe.11404" 2112 1de0a53ee58 socket

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\perfmon.msc" /s

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11092.0.1824645030\1854155088" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1564 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93289ea3-05f2-480e-94b2-140d5820ed6a} 11092 "\\.\pipe\gecko-crash-server-pipe.11092" 1660 2b12b4d8f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11092.1.1020592828\1313633521" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1824 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7904390f-fae0-41a2-9030-52c75b7d678c} 11092 "\\.\pipe\gecko-crash-server-pipe.11092" 1844 2b12b945858 socket

C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe

"C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe" -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8564.0.233585041\1334335220" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1552 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeeb4311-ce40-4bf5-adce-58353c11081a} 8564 "\\.\pipe\gecko-crash-server-pipe.8564" 1664 266ff9d6558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9120.0.457349199\112127400" -parentBuildID 20221007134813 -prefsHandle 1580 -prefMapHandle 1568 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2163a1c5-b283-478a-b638-94cbf0f543f2} 9120 "\\.\pipe\gecko-crash-server-pipe.9120" 1660 1559f9d7a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11484.0.1712151185\1859443156" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62994a1a-b285-4d3f-aa5b-9c3d6e90a4bb} 11484 "\\.\pipe\gecko-crash-server-pipe.11484" 1664 2098b6d7758 gpu

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe

C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe /peruser /childprocess

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9008.0.30342269\1245351009" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ea4f335-157b-4b75-82da-836b371577e8} 9008 "\\.\pipe\gecko-crash-server-pipe.9008" 1664 2402e3d9e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11452.0.1514265213\407016924" -parentBuildID 20221007134813 -prefsHandle 1564 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa0bb25-a674-471c-b5d0-eef9e28deedc} 11452 "\\.\pipe\gecko-crash-server-pipe.11452" 1664 227fb7d8c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11420.0.2110290712\1732532950" -parentBuildID 20221007134813 -prefsHandle 1580 -prefMapHandle 1576 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {336d0ac9-70d4-4dc7-9533-03bf6c6ef257} 11420 "\\.\pipe\gecko-crash-server-pipe.11420" 1660 1614c8d9e58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11436.0.1941447061\1308165250" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1572 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1312234a-1a8a-4b70-b83e-d9f6fbac8902} 11436 "\\.\pipe\gecko-crash-server-pipe.11436" 1668 25438bd8958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11476.0.2113803078\1805802598" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1572 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aea9db1-f645-4293-99f8-8a061fe80ad5} 11476 "\\.\pipe\gecko-crash-server-pipe.11476" 1664 1c06f3d9858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11364.0.623963590\1277008348" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08a757d1-b54f-4334-bab5-e5e799502de1} 11364 "\\.\pipe\gecko-crash-server-pipe.11364" 1664 194974d8c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8564.1.818245985\672215864" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1788 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e405c86-6aa2-48e2-830b-a5e428b1353a} 8564 "\\.\pipe\gecko-crash-server-pipe.8564" 1836 266ffe48658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11484.1.583537922\205739075" -parentBuildID 20221007134813 -prefsHandle 1768 -prefMapHandle 1772 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0bbad60-91ae-4d94-8049-ea89e6225d11} 11484 "\\.\pipe\gecko-crash-server-pipe.11484" 1836 2098bb46158 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11444.0.430887841\1306149360" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1564 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0990b5a8-0e9a-4076-b059-5712befbe341} 11444 "\\.\pipe\gecko-crash-server-pipe.11444" 1660 2aaf59d8658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9120.1.1228483759\1738584130" -parentBuildID 20221007134813 -prefsHandle 1832 -prefMapHandle 1828 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b5aba6-ae8b-4dcb-a412-8971761f0862} 9120 "\\.\pipe\gecko-crash-server-pipe.9120" 1780 1559f849858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11420.1.507025192\1695493442" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1816 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e84d83fa-7cb1-44ea-b12b-d172a4a8df7d} 11420 "\\.\pipe\gecko-crash-server-pipe.11420" 1840 1614cd46358 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11452.1.921980141\1671367083" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1820 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {996a2fe5-9243-460f-86cc-96e400cd2a22} 11452 "\\.\pipe\gecko-crash-server-pipe.11452" 1836 227fb646658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="9008.1.1451475230\1638474674" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9bb3b8-cb2b-46ab-913d-a8dac552919a} 9008 "\\.\pipe\gecko-crash-server-pipe.9008" 1836 2402e847558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11316.0.651789674\1233926857" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3a8fb61-9bea-41ae-bb09-80f0da17ba78} 11316 "\\.\pipe\gecko-crash-server-pipe.11316" 1664 1527fed8358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11436.1.835723869\1563109005" -parentBuildID 20221007134813 -prefsHandle 1840 -prefMapHandle 1836 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c84daaea-5ef6-49d1-8f13-eec72a181afb} 11436 "\\.\pipe\gecko-crash-server-pipe.11436" 1860 2543904c558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11004.0.404312754\724068161" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1544 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ede29384-1355-46de-be72-8a4848a4de7e} 11004 "\\.\pipe\gecko-crash-server-pipe.11004" 1660 1b5228d8658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11476.1.2116700809\1795802637" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd18bd6a-5fce-422e-ba4b-71e54bbcfdd7} 11476 "\\.\pipe\gecko-crash-server-pipe.11476" 1836 1c06f246b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11372.0.656172110\1308513480" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1564 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c9ebd2-f430-4190-a490-a2a8de5f2f0b} 11372 "\\.\pipe\gecko-crash-server-pipe.11372" 1664 27e90bd7758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11444.1.1678805586\418117223" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1824 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1db7826-1255-4677-9849-de777a233a2f} 11444 "\\.\pipe\gecko-crash-server-pipe.11444" 1840 2aaf5844858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11396.0.790041030\169064020" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1568 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bd31b3d-638d-47f3-b455-34c4f55aec7d} 11396 "\\.\pipe\gecko-crash-server-pipe.11396" 1660 2aefd2d8f58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11364.1.483223572\262259343" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1816 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a08470e-db66-428b-b05f-816c5f1e2f95} 11364 "\\.\pipe\gecko-crash-server-pipe.11364" 1832 19497946858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11468.0.882186688\404238852" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1556 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c670fd3-6061-418c-a682-812ead71c925} 11468 "\\.\pipe\gecko-crash-server-pipe.11468" 1660 1f066fd6458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11316.1.1343047075\778972587" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8730a9e6-b969-4911-bedc-b14c8eb56870} 11316 "\\.\pipe\gecko-crash-server-pipe.11316" 1836 1527fd49b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11004.1.563849402\1639936709" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1816 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b52d1125-447e-45b0-995b-bf3d69ebaedf} 11004 "\\.\pipe\gecko-crash-server-pipe.11004" 1832 1b522d4c558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11396.1.105137633\939164912" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1828 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0b2115c-ce75-4961-b83e-f014f95072bc} 11396 "\\.\pipe\gecko-crash-server-pipe.11396" 1856 2aefd146b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11372.1.541590973\52756736" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1820 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82af51f4-fd55-4c2b-81bb-03149546433a} 11372 "\\.\pipe\gecko-crash-server-pipe.11372" 1836 27e91045a58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11552.0.652502483\1311008840" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2eea8f3-2c76-4abc-855b-3f9a857b7c69} 11552 "\\.\pipe\gecko-crash-server-pipe.11552" 1660 2d79e8d9858 gpu

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel -tab about

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11468.1.783264922\1846334136" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1820 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e939369-334c-4d37-97a8-a49d97a530e0} 11468 "\\.\pipe\gecko-crash-server-pipe.11468" 1836 1f067446b58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11552.1.2034595232\676979339" -parentBuildID 20221007134813 -prefsHandle 1832 -prefMapHandle 1828 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da34a7a4-85c4-4e9d-a97a-4fc8eca8eff5} 11552 "\\.\pipe\gecko-crash-server-pipe.11552" 1780 2d79ed47858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11176.0.1770997130\184005712" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1556 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce640afd-43f7-4637-914c-e8eeedfae5d8} 11176 "\\.\pipe\gecko-crash-server-pipe.11176" 1696 203ae2d6758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11176.1.1950437284\1552719349" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1816 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5393f66a-a770-4111-a6ac-b44e37c79f9e} 11176 "\\.\pipe\gecko-crash-server-pipe.11176" 1832 203ae749558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11460.0.1926238970\1233449759" -parentBuildID 20221007134813 -prefsHandle 1576 -prefMapHandle 1556 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5188e0ce-afa4-4409-8000-8f4d9d1462da} 11460 "\\.\pipe\gecko-crash-server-pipe.11460" 1668 20b944d7a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11460.1.140277815\271965797" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1824 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dbfc265-d70c-4597-8b44-da3f9d8c1cc9} 11460 "\\.\pipe\gecko-crash-server-pipe.11460" 1840 20b94945858 socket

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel -tab update

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11348.0.1900397327\211704250" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1564 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c02a0be4-9ae5-4394-87de-c02c26fded85} 11348 "\\.\pipe\gecko-crash-server-pipe.11348" 1660 183feed8958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11816.0.1473749367\1048141786" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15bbe6d2-a877-4b27-bab5-6c962e6cce2b} 11816 "\\.\pipe\gecko-crash-server-pipe.11816" 1544 26d3a1d8958 gpu

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 7792 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE

"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 25104 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11348.1.473800961\1762295055" -parentBuildID 20221007134813 -prefsHandle 1832 -prefMapHandle 1828 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {373088ff-3919-401e-8561-ff59b1e95b1b} 11348 "\\.\pipe\gecko-crash-server-pipe.11348" 1844 183ff34a458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11816.1.1425982730\32152734" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1840 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82b0f9b6-e747-4fc8-9cc0-a1405e7a1e49} 11816 "\\.\pipe\gecko-crash-server-pipe.11816" 1856 26d3a644258 socket

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 7792 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 25104 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\comexp.msc"

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /t "C:\Program Files\Microsoft Office\Root\Office16\1033\TelemetryDashboard.xltx" /x

C:\Windows\system32\perfmon.exe

"C:\Windows\system32\perfmon.exe" /res

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /t "C:\Program Files\Microsoft Office\Root\Office16\1033\TelemetryLog.xltx" /x

C:\Windows\Speech\Common\sapisvr.exe

"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\system32\WF.msc"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11536.0.970058898\359950419" -parentBuildID 20221007134813 -prefsHandle 1556 -prefMapHandle 1576 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad7f0228-fd97-451d-a8db-a09b5900df91} 11536 "\\.\pipe\gecko-crash-server-pipe.11536" 1668 157aaed6d58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11536.1.255864267\653374640" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1760 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2920bf8b-ef8e-43db-8c96-70dce0ad86f7} 11536 "\\.\pipe\gecko-crash-server-pipe.11536" 1844 157aad46058 socket

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\fc29075d2ea84af2a48078dbae1c3b33 /t 3456 /p 3332

C:\Windows\system32\dxdiag.exe

"C:\Windows\system32\dxdiag.exe" /x C:\Users\Admin\AppData\Local\Temp\dxdiag.xml

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11012.0.1541022805\1210387871" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1576 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e1c0e7f-9f0f-4633-99e4-ea72ef7e8fd4} 11012 "\\.\pipe\gecko-crash-server-pipe.11012" 1664 214286d7a58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="10972.0.993340632\2145151674" -parentBuildID 20221007134813 -prefsHandle 1576 -prefMapHandle 1568 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd00e4a-4a30-43f3-b32e-b92086e6e44e} 10972 "\\.\pipe\gecko-crash-server-pipe.10972" 1664 250497d8c58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11012.1.632429812\1745176199" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1820 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3c7ef47-2d65-486e-b3fc-7aaca0f03613} 11012 "\\.\pipe\gecko-crash-server-pipe.11012" 1836 21428546958 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="10972.1.1843122908\89907923" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41aae28b-129a-4814-9082-e728ef742f8a} 10972 "\\.\pipe\gecko-crash-server-pipe.10972" 1836 25049647558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="10980.0.1341074609\1359064411" -parentBuildID 20221007134813 -prefsHandle 1572 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd036690-0cd5-498d-a1d2-0b18840f7069} 10980 "\\.\pipe\gecko-crash-server-pipe.10980" 1664 1feccdd8658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11528.0.806294893\1208535574" -parentBuildID 20221007134813 -prefsHandle 1560 -prefMapHandle 1564 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8770e940-2c92-480c-a069-a91a3d6ae8c3} 11528 "\\.\pipe\gecko-crash-server-pipe.11528" 1664 1d820ad7758 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11808.0.1642097831\1127419238" -parentBuildID 20221007134813 -prefsHandle 1552 -prefMapHandle 1560 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c35c47-cfb9-403e-91d7-b254f930f5dd} 11808 "\\.\pipe\gecko-crash-server-pipe.11808" 1656 1dd563d8958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="10980.1.412342255\109123069" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f0237f4-fa91-4527-8d4c-58b9f8e40b74} 10980 "\\.\pipe\gecko-crash-server-pipe.10980" 1836 1feccc47258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11020.0.221633566\85723719" -parentBuildID 20221007134813 -prefsHandle 1564 -prefMapHandle 1552 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39450362-9649-4065-9d12-56dadb82c7b8} 11020 "\\.\pipe\gecko-crash-server-pipe.11020" 1656 272f5ed6458 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11528.1.529012519\378734285" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1752 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d7b356-f4aa-42a1-af0a-0a47d559c304} 11528 "\\.\pipe\gecko-crash-server-pipe.11528" 1836 1d820f42c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11168.0.1881426440\208465745" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 524 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e32ef6d4-3cf3-4651-8c20-339b716290a2} 11168 "\\.\pipe\gecko-crash-server-pipe.11168" 1660 1b9fffd9558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="11808.1.483214982\1482745036" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1808 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b366c4ce-5f78-48e2-9952-be56efb97708} 11808 "\\.\pipe\gecko-crash-server-pipe.11808" 1828 1dd56246b58 socket

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 1.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
US 8.8.8.8:53 255.255.127.10.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.1.0.f.9.8.c.5.1.9.d.0.0.0.0.0.0.0.0.1.0.c.f.0.0.0.0.0.e.ip6.arpa udp
US 8.8.8.8:53 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 16.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
GB 2.22.96.153:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 16.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.0.0.0.0.0.1.0.f.9.9.9.0.6.6.1.2.0.ip6.arpa udp
US 8.8.8.8:53 153.96.22.2.in-addr.arpa udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.5.d.d.5.e.0.c.ip6.arpa udp
US 8.8.8.8:53 105.246.116.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 detectportal.firefox.com udp
US 8.8.8.8:53 hl2rcv.adobe.com udp
US 8.8.8.8:53 97.32.109.52.in-addr.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 82.221.107.34.in-addr.arpa udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 192.147.130.244:443 hl2rcv.adobe.com tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 244.130.147.192.in-addr.arpa udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43842\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI43842\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI43842\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI43842\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI43842\_socket.pyd

MD5 dc06f8d5508be059eae9e29d5ba7e9ec
SHA1 d666c88979075d3b0c6fd3be7c595e83e0cb4e82
SHA256 7daff6aa3851a913ed97995702a5dfb8a27cb7cf00fb496597be777228d7564a
SHA512 57eb36bc1e9be20c85c34b0a535b2349cb13405d60e752016e23603c4648939f1150e4dbebc01ec7b43eb1a6947c182ccb8a806e7e72167ad2e9d98d1fd94ab3

C:\Users\Admin\AppData\Local\Temp\_MEI43842\_lzma.pyd

MD5 05e8b2c429aff98b3ae6adc842fb56a3
SHA1 834ddbced68db4fe17c283ab63b2faa2e4163824
SHA256 a6e2a5bb7a33ad9054f178786a031a46ea560faeef1fb96259331500aae9154c
SHA512 badeb99795b89bc7c1f0c36becc7a0b2ce99ecfd6f6bb493bda24b8e57e6712e23f4c509c96a28bc05200910beddc9f1536416bbc922331cae698e813cbb50b3

C:\Users\Admin\AppData\Local\Temp\_MEI43842\_hashlib.pyd

MD5 eedb6d834d96a3dffffb1f65b5f7e5be
SHA1 ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

C:\Users\Admin\AppData\Local\Temp\_MEI43842\_decimal.pyd

MD5 3055edf761508190b576e9bf904003aa
SHA1 f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256 e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

C:\Users\Admin\AppData\Local\Temp\_MEI43842\_bz2.pyd

MD5 223fd6748cae86e8c2d5618085c768ac
SHA1 dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256 f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

C:\Users\Admin\AppData\Local\Temp\_MEI43842\unicodedata.pyd

MD5 16be9a6f941f1a2cb6b5fca766309b2c
SHA1 17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

C:\Users\Admin\AppData\Local\Temp\_MEI43842\select.pyd

MD5 92b440ca45447ec33e884752e4c65b07
SHA1 5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

memory/8024-57-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/5556-79-0x0000015A1DBD0000-0x0000015A1DBD1000-memory.dmp

memory/8024-75-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/8024-81-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/8024-65-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/7768-84-0x000001347C620000-0x000001347C621000-memory.dmp

memory/5952-85-0x00000299C06B0000-0x00000299C06B1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 0557616148dec595d1f7addebc9f086e
SHA1 403b983149ec98e6a5650479995364ae05a2b339
SHA256 7c9c9691ee4a1c65e28fb8ea64eb58d4503e20cebf1c83bd6ef51204d7744cd3
SHA512 c87296afe89f3c59f2c2e4dd65902ba84492c73f99fca09ac3bc87415b94ac5b0609a4d5ec316a436ab1e977dfe6250d3315388b5093dec0aab8f9541aa62c20

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 0bce928d11d38b364602b6797d9cee04
SHA1 5d546b897653f7ada5c1537a75d4e1528e38c0f9
SHA256 3bc674bc39fb7507507a2c8e30c791292f82f796e186cd527f793077dcb72a0c
SHA512 9cdbe991b3a2cf6a0780ccafde1c9ceb2423331dfb3af5eaa47ad5d269f327b541b45c8dd472e9797c18d18c9cd9ed7e6987d7d28030eb07eaa60707c180a7aa

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 a774433da923673bc7a7e59111c09c24
SHA1 c5aac0367c17607173567d62ee2d87e88c532bf2
SHA256 cb46e559df16b7786296cf1aa21304e2c6b14418f07c53048ef8706e14795e23
SHA512 fa3ed8d1d6398b67ec9011a1ce7bc7628719d2dd51e479a052b5cc5326f28e54476eab361d715df075127999995ca5810f4599a60a91a9a0af47a5c8ac3548f3

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 1298691d7759f5344cfac5c81ec90e14
SHA1 96b46723856b5dbbf8e0e36330a0b2d5ba29e366
SHA256 3580bcedc5a8ce3456d4003b33e67c4738a3252d93c5165b8ad81e0b0d2007fe
SHA512 c7a51e416a67775656551821106a84c15e3e0667f25b78a1cb67fcde695d1a9076299f6e9f2ee5d80dd277eefeffe6c08e19621a687ca797820a27fd11117684

memory/5952-141-0x00000299C06B0000-0x00000299C06B1000-memory.dmp

memory/436-302-0x000001B1557F0000-0x000001B1557F1000-memory.dmp

memory/5440-329-0x000002EFD38C0000-0x000002EFD38C1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 72811158f2f24514d65477cf327bda39
SHA1 a5ee43654d84d430c3a90f16ab50fe8b25af2d93
SHA256 a930491f29070e7a84f2b7c07cc32ebcf6a4e96e115eb353bff20598d419d799
SHA512 ecd9b072f5be2108cabb3cd4e26b2acc237eb61cf0b38bf1fbac7503cae3d8baed7fc9092b5fc6f7c59a891649d37151653ca587f233db6b650026b2ee1622da

memory/8056-416-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/628-388-0x000001EBE9170000-0x000001EBE9171000-memory.dmp

memory/5184-449-0x000001F58EF50000-0x000001F58EF51000-memory.dmp

memory/7784-447-0x000002A89C260000-0x000002A89C261000-memory.dmp

memory/8812-414-0x0000000000030000-0x000000000003E000-memory.dmp

memory/7784-413-0x000002A89C260000-0x000002A89C261000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 b26b38f1c798c889eac6fa11cbd4d35c
SHA1 f9545afd920e12948c834b583676c7179c1855a8
SHA256 54a27d0536f8651ec8905a24b9e7215e88a1dbe936fafc5432f4c03f22273540
SHA512 94dd89877633e557258e488c473f14c4287c764dc748290137a5b514f21b81c6f2bbef92a04965ed19628eb7b8336670c05c094ce68786e952009fa6a86d9b21

memory/7052-355-0x000001C0C69F0000-0x000001C0C69F1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 535b25c6454c52efb26248559b3270cd
SHA1 219a79e66cf653ff732e259d09aee8b55fb6ce72
SHA256 4a4951e1529ba2560c2548f3b31f3900d34ecd6f388275873537bf04947f4bc8
SHA512 0dfba86e6a30541299c4a8d4bff82ebbfca130e8dafd0d79b43fd7228dd688bf64701b07f912e3fa0502d19e985eca8eb891d4e6ad23c45429cf298a21737ff4

memory/8056-481-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 9d42a178166bdccea9a1851cdd282bd8
SHA1 2b942764ac2cfc882ba9d2b090a10af8cf5b71a1
SHA256 34fb79eccf07cc90dd74a428434d75a12ea4c4fbee0a81670c9b380d2ae3d7fd
SHA512 9f7b0b5c6b67ca33ad63948b745de1a382a5bab16844a8edee159949af9d0999d01c4b9fa91c34d0a46759cd3b1e64dc1f4f811508962a1ccffc15a66b45d071

memory/7896-563-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 7c4b00d991312a7bbb13554577aebcf5
SHA1 5a98800812e85c8de3eb49ce47b3f04efd96bbe0
SHA256 85bbb52c3c95d710a0a8be39ba3b98f94075c598ea8a541ca429e6253ee5549b
SHA512 03d25c0a13e0912aca84be744794da14ede533c659f52daee8732df1c180da3944225a907eeaed79ef44af15e8eee918a3bd3276d800d46e017ecba8db9b9fc8

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 326bc670d3fd9b242753980e8d242817
SHA1 959b58c8a00502592438ce5a6052e0fe96401825
SHA256 9f32c49c09bd66ca1066583905dbd0425be1e39169f2b644c1527648f8b84b9c
SHA512 7db44c5d9be8d3353afa88ec3e0ec6d1217a7431c18d144ba438138a4f7f4d34dd905ba90cd3ddd5b100f0ab25069de7ebe6240d3009c922ef768237cc574adc

memory/7896-562-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/7896-561-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

memory/7896-560-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 34b99eb571a8725eda5cf0c70c2833c0
SHA1 459ef801b75d874066cdf07590734d781ccb221d
SHA256 a582842ec5f4f94d1663db82797acfa138a43008c59c57e5f79b9cca447c7b2d
SHA512 92915fdff3021ebb2498955385a5855932370f071ed6cc0c6d8ed48a092caa25ec7593225674b63c7214f4fded5ca79f0b8349fdb1108cd9b9d7d3c0dfee97f5

memory/6348-547-0x000001885FF70000-0x000001885FF71000-memory.dmp

memory/7784-546-0x000002A89C260000-0x000002A89C261000-memory.dmp

memory/32-545-0x00000148B06E0000-0x00000148B06E1000-memory.dmp

memory/5184-544-0x000001F58EF50000-0x000001F58EF51000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 13d6a2e078e53331412169e6639f34b8
SHA1 57c8c4955b3c6dd9f95c0c1938920761fe8fc95c
SHA256 3c2f2396a3a4b82c68fa2ac15f68f6508b1800b1941ac9a340988b0e7f4f3b5a
SHA512 34a968e0f3c9e30d5486060a5a1449b8bf2e87e00d39156b18b4ab7c25b05a29a76d0fb6168cd7f3f1698653b68c57a7d0aca748b9404c0242154e5e90b33a3e

memory/6840-523-0x00000149FFA50000-0x00000149FFA51000-memory.dmp

memory/12096-466-0x00007FF77ABB0000-0x00007FF77AC33000-memory.dmp

memory/6612-490-0x000001ABE33F0000-0x000001ABE33F1000-memory.dmp

memory/8056-455-0x00007FFBAEA80000-0x00007FFBAEA90000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4106386276-4127174233-3637007343-1000\83aa4cc77f591dfc2374580bbd95f6ba_ebaa0802-254d-4be1-a642-a8a5c0b06224

MD5 c8366ae350e7019aefc9d1e6e6a498c6
SHA1 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

memory/7668-421-0x00000269BDA70000-0x00000269BDA71000-memory.dmp

memory/5816-460-0x000001E0132A0000-0x000001E0132A1000-memory.dmp

memory/6528-459-0x000001BB68F60000-0x000001BB68F61000-memory.dmp

memory/5816-458-0x000001E0132A0000-0x000001E0132A1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 1308148c99572d70b961e83462fcd7a9
SHA1 2d7f6846ac899f2d250bbd1b57b78c19551afca5
SHA256 bce20a86912bc9bd4fa0462347a2be175af924482c718877ed2b809667861a72
SHA512 37ec966dc44ef5766ff23c729fcac23da83ec9ab1352129d14a0c6b307d5a61b26bf9c901d920fb550817813694dab54ca5aa04a67afd0849ee57b126be2818b

memory/5952-310-0x00000299C06B0000-0x00000299C06B1000-memory.dmp

memory/6528-309-0x000001BB68F60000-0x000001BB68F61000-memory.dmp

memory/344-300-0x000002B8ED200000-0x000002B8ED201000-memory.dmp

memory/628-264-0x000001EBE9170000-0x000001EBE9171000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 911f7102d2b875afe77060ca05397a4d
SHA1 a17376c18ba8de90cf90810470f62b41850d8706
SHA256 a076bbe18b11e1882278c62e3cb6f21c587ef9a1e2cae5debe7f019efbd158c9
SHA512 8231d1611acbb9f3f6a04f39eafc9be055c29c7b31da5c40c6617457d5660d43b1db2b6bbf870b5cc7d2669a6874175402e67846b5f8227a327332c06a7207f7

memory/7052-221-0x000001C0C69F0000-0x000001C0C69F1000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 d77466be7ee2d35fd213070255784767
SHA1 73b2e15f1366f77db4d9b184811c0dedbbd9803f
SHA256 1d3efa4a5c13ea2539748bf9fc626982452359f8781d4d209c17a3cadb95af7a
SHA512 5c16c8c3a3ac6104564c4fc61539c02c47af6a320f8ba259890e9dcb4e328e3ace7748e135762e4f2216ad3adeba1993d84619cf52be38d8e178ac6104321299

memory/13396-957-0x00000232EB400000-0x00000232EC190000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 47c27fb17dcb27810aa66dcfb453dab1
SHA1 a0aa3cf8c7739e2f23422886517755ba5f35b946
SHA256 8805a20e127a828921d9901dfa80fd507296bc844df99c4eb8862231453879b3
SHA512 1776f488e4cff697092d5f7e09d4044f7c3dfa179160f026cdd94cddcd30f0b5d624e010a4290eba76e0834cd6a39029af35c932bc2f046dc4009cd295190748

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 e45f616880ef22c0c4a834214d846bb9
SHA1 a113a78a6ddedd4f80b9ea12fe5b9c17cfd51fea
SHA256 d2ca6dfabc9d26b261ee57b0ef5fd684a264fba340d10794a46c219ecec785c7
SHA512 976ecd2462369a06738461e784778dd2f378bf83270623f2cf1a30ea6580661c0feba93fca9ac6e9a918f8f3ba9e061bd3ac30b9ace3d0088b0dfb50691b6ed6

memory/13396-851-0x00000232D0240000-0x00000232D0248000-memory.dmp

memory/11864-796-0x00000000003A0000-0x00000000003AC000-memory.dmp

memory/11076-1391-0x00000000023D0000-0x0000000002406000-memory.dmp

memory/11076-1392-0x0000000002410000-0x0000000002444000-memory.dmp

memory/11076-1390-0x0000000002480000-0x00000000024E6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nslAE04.tmp\System.dll

MD5 b361682fa5e6a1906e754cfa08aa8d90
SHA1 c6701aee0c866565de1b7c1f81fd88da56b395d3
SHA256 b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04
SHA512 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

memory/17556-1430-0x00007FF77ABB0000-0x00007FF77AC33000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe

MD5 856f6ba813d0bd232817be42d277fe0c
SHA1 a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e
SHA256 f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23
SHA512 f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df

C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\CityHash.dll

MD5 2021acc65fa998daa98131e20c4605be
SHA1 2e8407cfe3b1a9d839ea391cfc423e8df8d8a390
SHA256 c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14
SHA512 cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\ioSpecial.ini

MD5 7ec2527a5888808d4212189dd499fd49
SHA1 64143b0ebf676e77e6ee157bd151e50cf88225b2
SHA256 fb93d2de45054bb29bd526906e8ba3a2777996446c654c1fac38de3d0567a856
SHA512 a501cec769824e7b37252780887d15d0b67f4b648d6d22e0bd78fc2abee08b573df26c6e7f27f17781968c170e5457b97b2b24afe510c68000fa25d68b7a0193

C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\InstallOptions.dll

MD5 fd249bc508706f04a18e0bc0afddec82
SHA1 b94efda9f41c89fc6120ed385867125d03f28bea
SHA256 c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad
SHA512 c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba

C:\Users\Admin\AppData\Local\Temp\nscB259.tmp\modern-wizard.bmp

MD5 49ff8ad8f51875597f3e919e8770c24c
SHA1 1e840ce0f68281e312317bcbdbc10fdfcd3959c3
SHA256 76da716588b8e51e36ee7a674cd873a8069e27fef73851d1e190face5a67fc66
SHA512 dcf29bbef46b1bd8d9f6c6221955ab06da23bc6661c603c188ce34fed80984a3b6d2006ab38b49aa9d1908d714cc0f40e63b6230244e4d4a0c9baebbbda1ddb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 8f3843a9da63a7c396a894b5865b2f67
SHA1 2e7f9776d1ba8b15aea00d84eff977929ed70022
SHA256 76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a
SHA512 06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

memory/11976-1656-0x00000198EDB10000-0x00000198EDB1A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpB6BD.tmp

MD5 9e936c2078b286132cd6b9c8602fd17a
SHA1 f638b8a7448daa6da754c9bb2fbf2cf4ee1b007e
SHA256 fa994badb1e90b2629e0d955572ca57efe97169d20d6b4957e2f830e3680da9e
SHA512 6973f1eef2a2baccf2b0bccf5047f6db434698cd483c0b0dfbfcc2230c45bc1ce4a23e67b5ab7ec8767d4cc8d75dcc76eeb347038eabdf5ec99bc12e3a3bb946

memory/12096-1736-0x0000027AD7CA0000-0x0000027AD7E62000-memory.dmp

memory/5940-1748-0x000001B8274C0000-0x000001B828250000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 e484afdebe820302b4e3060fa2ac4a4d
SHA1 9914928292b5b5c767e37a4a6096f3752a4af1f6
SHA256 73f01c78db79de43f18c11e8d375604f522c2a207bd58b2d46d902ad96979fb9
SHA512 b5b2032af4bee32d1f1611fbb67564f2ed67afbf791aa75dd52aa4488c1c3eb43f60b5f3324ad2b8ef0e43c4c0b3636ce91a847193d3054b392654d1f77f325e

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 26174a759475159d4bdd99837838454a
SHA1 7cc50b856ef764e3984dae66046bb1c0591cb4c1
SHA256 5718e132bd6009ab4433d2accba9adbc1cd8332719ed303ae7e76f0e786b5c8e
SHA512 367e017b4096ecd2edd30cc126ffbb0c6a553d66713c3f181e933c80cd9bd0d83dc4fba8998f6bffbc85b8ec28c53963cc99784443444e7ddb7e9a7f5258c279

memory/13396-1842-0x00000232D1F30000-0x00000232D1F58000-memory.dmp

memory/13396-1840-0x00000232D05E0000-0x00000232D05EA000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 c7bda85794fea979fd3707225e43f289
SHA1 36affeb87db9e0e52530645b240b16774417c24d
SHA256 4d9fa3349d6a57f78093eb3c12d5f5a7f4012f1e2b518c10c4447ab376ccd176
SHA512 3d39886320a32f277c5b2e0647b8062f1517a86985e2ed7b4c2499ad2616de8ae73149a5de9caeee548ee128261fc86bed5e8cf195fef39520b0f94df65cf539

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 3dda6273424bb740dee2c695df61752d
SHA1 7efa199a8abfc56507fd342ae442d886f3e191de
SHA256 7e2a6ca1613c5c9801b33629c1ed4dbecdb3b13a993393a40f67e59f87d8f574
SHA512 f2d65cf877f55858af159d17c6b8f9c9b37ee4aa1030997724cc4ad50db4f8e17e672045fb94f1a83726f01f473862396d8cb9fc4b5885814214cce09bb37f2d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\Telemetry.FailedProfileLocks.txt

MD5 a1d0c6e83f027327d8461063f4ac58a6
SHA1 92cfceb39d57d914ed8b14d0e37643de0797ae56
SHA256 73475cb40a568e8da8a045ced110137e159f890ac4da883b6b17dc651b3a8049
SHA512 39ca7ce9ecc69f696bf7d20bb23dd1521b641f806cc7a6b724aaa6cdbffb3a023ff98ae73225156b2c6c9ceddbfc16f5453e8fa49fc10e5d96a3885546a46ef4

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 012dcae351715b18f6b669c44ed52471
SHA1 6209cf1723abf65761e695f1f5757978e94541eb
SHA256 c49f3587443e58976313d1443ada915318011c0fe8d5f4b3f1006e27b42c0ddf
SHA512 b833d708539a4d9e81083232adc9f2244315911bc10063b0281fdbd8e1c6317f9edb8eabaaabdb42d3582bb0ac61012a7e955bae495222c34712e81ed6c827d8

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 79523ec1e03f8ff4c8ae7435e5abcd54
SHA1 bf33781bc0f3eaf94cf1a9f360b893ff628bd4b9
SHA256 472764510e3430c16d8d6967493cdbfa9fa6ade109c7a793fc384f6ad59e04cc
SHA512 54f18f55c535bb06050e71e5d70ea69d282996a3a54b850ca301ee927f2c72de23165559588cf51852d999b1a7075322c8e5c54ba38c0b208d42675b9bbabdd7

memory/25104-3346-0x0000000000F70000-0x0000000000FE4000-memory.dmp

memory/7792-3345-0x0000000000240000-0x0000000000270000-memory.dmp

memory/7792-3360-0x0000000002970000-0x0000000002A02000-memory.dmp

memory/7792-3358-0x00000000050A0000-0x000000000559E000-memory.dmp

memory/7792-3362-0x0000000000950000-0x000000000095A000-memory.dmp

memory/25104-3363-0x0000000001710000-0x000000000171A000-memory.dmp

memory/5940-3646-0x000001B826590000-0x000001B82659A000-memory.dmp

memory/5940-3647-0x000001B826660000-0x000001B826688000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 ad50d14a45d2e7542f7ed54bd2defd97
SHA1 a430a5f2c1443317b12c8c29b55834ae62988d6d
SHA256 6e9a0406ba78a6f15a34b3de64c1200fa81f2995503b999b459ade07dd16cbca
SHA512 2e3a7994fdbc764a580e97768d01698f3646177aaa4a2fe0ea02160d1fd3da01e5e5c30dcce44e4a923b0da01ae50ad3676f46b08c59a8a564beca5d5f5eca66

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security\securitypack.jar

MD5 4f9f42a2c5524bf0ce187c5dcb517b89
SHA1 b54ff1e485ee0605753e23f254e288f9a79cc59d
SHA256 e271e41f800f3f25e0f9fe212f2e31e6a57b74d28b89fd3425deb42a6a1b411a
SHA512 45eb73dae61b6cb855a33966b6c3f1f064a15714761e3075eda105f72adf3780b05dbfbcca75fb47734ca47bb6abe4a1db075d30b1db748ffca11d9928d6cdbc

C:\ProgramData\Oracle\Java\.oracle_jre_usage\905ebba3a8fc8cc.timestamp

MD5 9f4fa2d7b65f02b040011d498dbaf778
SHA1 e98b710baab79e4448d938703253e3abca37bfbc
SHA256 bd13c12ade30faa860502745cafd70ebe17a81ad66862f473d838da22e2d6e2f
SHA512 88fb1ea84d043a6334061c945ec105dc539ce09240e8c970700f3c1b1b76ac176a3e4d65788c2d5d8b5252e1d510f760f54973ee9469e35a39fd79261a6b00ab

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013_1\OneDrive.exe

MD5 e22475a3a3fd996e6aed8fb344fc1277
SHA1 0702e726df0a403d2a2175ef7d238cb87a32a05f
SHA256 a1fbd37a3f712e6c90a94c35db03190d221cb6bdcb33d71dce3a68db4e88354b
SHA512 726b3615758b47403558ac11419b931cda72c740eabe2b721c4489cfded7cb2982d91be04039244bbc3be610c9cfc12517eb98fcf133f7c96fcb1ff61d413720

memory/14896-4682-0x00000242E4610000-0x00000242E4618000-memory.dmp

C:\Users\Admin\Documents\Scanned Documents\Welcome Scan.jpg

MD5 73d4281e46a68222934403627e5b4e19
SHA1 0f1c29cea7ea24ebb75c95114e0b0d26438e1d39
SHA256 aac4ac970ec47cd95dc7c65d7d38d29c1f948be24d5dad1d5aa21053125367c7
SHA512 bb7aad10e5accd3f5c0f6b2968973034a2f7c2523401eb234b2de0cdad2dc13f4fd58d08ece94ec06420a52b3d371ba832f8fb4741f48799703bdf32a4daf555

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013_1\LogoImages\OneDriveMedTile.contrast-black_scale-100.png

MD5 433d5c9bfe71c70e6bf1f18b7da188f4
SHA1 54f9253621c725ea644b3c2a0a11b0ff6bf8e44c
SHA256 3ba55b200b58756480679cf8b6b98d7b3570f8dfcdb39186f721357da8d8172c
SHA512 49f00fbdd9dfc542a2ac844520d34fdeec927b932fad9910f189c9171d50aa4037f9cfb2e1de778e12ed964adae6d3b3aed60555fcc50712539f2e69fb44da8e

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

MD5 8d117f0cace088ed532bde151099bfef
SHA1 1d27ba224308ab9dfa08d0b4c19dda4ab47d7e2c
SHA256 3fbe674ede8c7099ba6c316e1e1562c6ebe1f3bbde96276d6676fe4309658c81
SHA512 2560ebd7e040b9b7a3de60d16e00182f2b0fc0c0224125cd9bc6eff0fdcf23aa44c2683d7b1a39a16a5cf7f70cc5dfb84628cbfe6c2e6263e1d2936bf8723cd6

C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

MD5 2018691d6a1b8223a861e603abba2589
SHA1 40a157ea2affcc7cf7b7b19cb8a8fea4e97c837c
SHA256 6727f68585bbf21389c6f0e4805dc7c51af2326179d435d80a9a821b0e214ffa
SHA512 d023d2c0477c37bfe1276c545dc70f970dab416021421a8453ce298d2c091268602933dd7eb10e3e84faa7a9302835582b677e23a08cf8746d5ba7fc95b3a585

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013_1\LogoImages\OneDriveMedTile.contrast-black_scale-125.png

MD5 f837c5aa1f38d8241b28b92d15eebe75
SHA1 9b11b235c11cfce25f1325eba753e469b5d5e74f
SHA256 cc134daaa737e48e0f37ff5bece33e23484c47b55cb6571f3283e73e14f54334
SHA512 c79f1fb011e21555db8d0fb249d37b1cfa31d2c35d1e7e0417035cbaa717174d63d5a535fbaf1578625c50cf2417dae1e0a97e06e8799e53a8af951c1cd6ff19