Malware Analysis Report

2025-03-15 00:57

Sample ID 240626-h644jascrf
Target aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2
SHA256 aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2
Tags
evasion persistence privilege_escalation upx defense_evasion execution
score
8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
8/10

SHA256

aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2

Threat Level: Likely malicious

The file aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2 was found to be: Likely malicious.

Malicious Activity Summary

evasion persistence privilege_escalation upx defense_evasion execution

Modifies Windows Firewall

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Loads dropped DLL

UPX packed file

Executes dropped EXE

Drops file in Program Files directory

Launches sc.exe

Unsigned PE

Access Token Manipulation: Create Process with Token

Enumerates physical storage devices

Command and Scripting Interpreter: PowerShell

Event Triggered Execution: Netsh Helper DLL

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Runs .reg file with regedit

Checks SCSI registry key(s)

Runs ping.exe

Modifies registry key

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Modifies registry class

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-26 07:21

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 07:21

Reported

2024-06-26 07:24

Platform

win7-20240508-en

Max time kernel

139s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

Signatures

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier C:\Windows\SysWOW64\xcopy.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1700 wrote to memory of 2236 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Windows\system32\cmd.exe
PID 1700 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PID 1700 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp
PID 1700 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe
PID 2056 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe C:\Windows\SysWOW64\cmd.exe
PID 2548 wrote to memory of 2488 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 2548 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 2548 wrote to memory of 1668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 2548 wrote to memory of 2560 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regedit.exe
PID 2548 wrote to memory of 2240 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 2548 wrote to memory of 3032 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 1700 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PID 2388 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Windows\system32\cmd.exe
PID 2548 wrote to memory of 884 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2548 wrote to memory of 1780 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2548 wrote to memory of 2564 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

"C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\system32\cmd.exe

cmd.exe /c set

C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

PECMD**pecmd-cmd* PUTF -dd -skipb=1211904 -len=6075120 "C:\Users\Admin\AppData\Local\Temp\~7623385366678034255.tmp",,C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp

7zG_exe x "C:\Users\Admin\AppData\Local\Temp\~7623385366678034255.tmp" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~3515270636316872581"

C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe

"C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1254

C:\Windows\SysWOW64\mode.com

mode con: cols=70 lines=15

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe" "C:\Users\Admin\AppData\Local\Temp\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\regedit.exe

regedit.exe /s "C:\AutodeskLicensePatcherUninstaller\Tweak.reg"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="AutodeskNLM"

C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~3688250794155520530.cmd"

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\~3688250794155520530.cmd"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Documents\My Music\AddSearch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Documents\My Music\AddSearch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"

C:\Windows\SysWOW64\netsh.exe


C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\7z.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\7z.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\7zFM.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\7zG.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\7zG.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\Uninstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\DVD Maker\DVDMaker.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\DVD Maker\DVDMaker.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\iediagcmd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\ieinstal.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\ielowutil.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\java.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\java.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\jabswitch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\jabswitch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\java-rmi.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\java-rmi.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\java.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\java.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\javacpl.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\javacpl.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\javaw.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\javaw.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\javaws.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\javaws.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\jp2launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\jp2launcher.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\keytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\keytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\kinit.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\kinit.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\klist.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\klist.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\ktab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\ktab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\orbd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\orbd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\pack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\pack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\policytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\policytool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\rmid.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\rmid.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\rmiregistry.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\rmiregistry.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\servertool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\servertool.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\ssvagent.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\ssvagent.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\tnameserv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\tnameserv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\unpack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\unpack200.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Chess\Chess.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Chess\Chess.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Hearts\Hearts.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Hearts\Hearts.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\crashreporter.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\default-browser-agent.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\maintenanceservice.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\pingsender.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\plugin-container.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\private_browsing.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\updater.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\updater.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\VideoLAN\VLC\uninstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\VideoLAN\VLC\vlc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Defender\MpCmdRun.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Defender\MSASCui.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Defender\MSASCui.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Journal\Journal.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Journal\Journal.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Journal\PDIALOG.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Journal\PDIALOG.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Mail\wab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Mail\wab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Mail\wabmig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Mail\wabmig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\setup_wm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmlaunch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpconfig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\WMPDMC.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\WMPDMC.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpenc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpenc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmplayer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpnscfg.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmprph.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmprph.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpshare.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\WMPSideShowGadget.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\WMPSideShowGadget.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows NT\Accessories\wordpad.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Sidebar\sidebar.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Sidebar\sidebar.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\Install\{5629EE71-1934-428C-A492-DBD2787497EC}\chrome_installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\Install\{5629EE71-1934-428C-A492-DBD2787497EC}\chrome_installer.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\ExtExport.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\ieinstal.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\ielowutil.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\misc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\misc.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Mail\wab.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Mail\wabmig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Media Player\setup_wm.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\WMPDMC.exe"

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\~7623385366678034255.tmp

\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp

C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe

C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat

C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe

C:\AutodeskLicensePatcherUninstaller\Tweak.reg

C:\Users\Admin\AppData\Local\Temp\~3688250794155520530.cmd


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-26 07:21

Reported

2024-06-26 07:24

Platform

win10v2004-20240611-en

Max time kernel

142s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

Signatures

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DownloadManager.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_manager.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenuineService.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LogAnalyzer.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcQMod.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADPClientService.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessService.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DownloadManager.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcEventSync.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskIdentityManager.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessCore.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessDialogUtility.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessDialogUtility.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskUpdateCheck.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcQMod.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessServiceHost.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskIdentityManager.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskInstallerUpdateCheck.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenuineService.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcEventSync.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdpSDKUtil.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdpSDKUtil.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessCore.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autodesk Access UI Host.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_helper_tool.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADPClientService.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskInstallerUpdateCheck.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_manager.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdSSO.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskUpdateCheck.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessServiceHost.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autodesk Access UI Host.exe C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LogAnalyzer.exe C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_helper_tool.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdSSO.exe\Debugger = "Blocked" C:\Windows\SysWOW64\regedit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessService.exe C:\Windows\SysWOW64\regedit.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\netapi32.dll C:\Windows\SysWOW64\xcopy.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\Adlm\R28\netapi32.dll C:\Windows\SysWOW64\xcopy.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic C:\Windows\SysWOW64\xcopy.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Adlm\R28\netapi32.dll C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\version.dll C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe C:\Windows\SysWOW64\xcopy.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\netapi32.dll C:\Windows\SysWOW64\xcopy.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe C:\Windows\SysWOW64\xcopy.exe N/A
File created C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\version.dll C:\Windows\SysWOW64\xcopy.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier C:\Windows\SysWOW64\xcopy.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell\runas\command C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell\runas C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell\runas\command\ = "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3" C:\Windows\SysWOW64\reg.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A

Runs net.exe

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5008 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Windows\SYSTEM32\cmd.exe
PID 5008 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PID 5008 wrote to memory of 1768 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp
PID 5008 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe
PID 3044 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe C:\Windows\SysWOW64\cmd.exe
PID 5040 wrote to memory of 2824 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\chcp.com
PID 5040 wrote to memory of 2920 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 5040 wrote to memory of 4572 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\xcopy.exe
PID 5040 wrote to memory of 4312 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regedit.exe
PID 5040 wrote to memory of 4984 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 5040 wrote to memory of 4252 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 5040 wrote to memory of 688 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 688 wrote to memory of 4436 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 5040 wrote to memory of 1968 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5040 wrote to memory of 3812 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5040 wrote to memory of 4664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5040 wrote to memory of 1636 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5040 wrote to memory of 1888 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5040 wrote to memory of 2300 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5040 wrote to memory of 4660 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\taskkill.exe
PID 5008 wrote to memory of 4192 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PID 4192 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe C:\Windows\SYSTEM32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

"C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c set

C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

PECMD**pecmd-cmd* PUTF -dd -skipb=1211904 -len=6075120 "C:\Users\Admin\AppData\Local\Temp\~8698895182549500919.tmp",,C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp

7zG_exe x "C:\Users\Admin\AppData\Local\Temp\~8698895182549500919.tmp" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~2114581554895391527"

C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe

"C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1254

C:\Windows\SysWOW64\mode.com

mode con: cols=70 lines=15

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe" "C:\Users\Admin\AppData\Local\Temp\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\regedit.exe

regedit.exe /s "C:\AutodeskLicensePatcherUninstaller\Tweak.reg"

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="AutodeskNLM"

C:\Windows\SysWOW64\net.exe

net stop AdskLicensingService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop AdskLicensingService

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingService.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingAgent.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ADPClientService.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingAnalyticsClient.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingInstHelper.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmgrd.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "adskflex.exe"

C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe

PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~1853039570868713988.cmd"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\~1853039570868713988.cmd"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmutil.exe"

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmtools.exe"

C:\Windows\SysWOW64\msiexec.exe

MsiExec.exe /X {4BE91685-1632-47FC-B563-A8A542C6664C} /qn

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\net.exe

net start AdskLicensingService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start AdskLicensingService

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 2

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe

C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c set

C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe

PECMD**pecmd-cmd* PUTF -dd -skipb=1211904 -len=5130651 "C:\Users\Admin\AppData\Local\Temp\~8385162000178249680.tmp",,C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Users\Admin\AppData\Local\Temp\~7054143802011440890~\sg.tmp

7zG_exe x "C:\Users\Admin\AppData\Local\Temp\~8385162000178249680.tmp" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~435780502668050157"

C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe

"C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat" "

C:\Windows\SysWOW64\chcp.com

chcp 1254

C:\Windows\SysWOW64\mode.com

mode con: cols=70 lines=15

C:\Windows\SysWOW64\net.exe

net stop AdskLicensingService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop AdskLicensingService

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingService.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingAgent.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ADPClientService.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingAnalyticsClient.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingInstHelper.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmgrd.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "adskflex.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmutil.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmtools.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Powershell -nop -c "Get-WmiObject -Query ' select * from Win32_Product where Name like \"%Autodesk Network License Manager%\" ' | ForEach-Object { ($_).Uninstall()}"

C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe

PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~860854433564844597.cmd"

C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe

PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~8166163836483563823.cmd"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\~8166163836483563823.cmd"

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SYSTEM32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\~860854433564844597.cmd"

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\regedit.exe

regedit.exe /s "C:\AutodeskLicensePatcherInstaller\Files\Tweak\Tweak.reg"

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\adskflex.exe" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\lmgrd.exe" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\License.lic" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\Service\Service.exe" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll" "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\netapi32.dll" "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\netapi32.dll" "C:\Program Files (x86)\Common Files\Autodesk Shared\Adlm\R28\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\Tweak\UnNamed.json" "C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\UserConsent\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\xcopy.exe

xcopy "C:\AutodeskLicensePatcherInstaller\Files\End_v1.20.exe" "C:\Users\Admin\AppData\Local\Temp\" /Y /K /R /S /H /i

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c Powershell -noprofile -executionpolicy bypass -command "((Get-NetAdapter -Physical | ? PnPDeviceID -match '^PCI|^USB' | Sort PnPDeviceID -Descending).MacAddress | Select -Last 1) -replace '-'"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Powershell -noprofile -executionpolicy bypass -command "((Get-NetAdapter -Physical | ? PnPDeviceID -match '^PCI|^USB' | Sort PnPDeviceID -Descending).MacAddress | Select -Last 1) -replace '-'"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Powershell -Command "(gc License.lic) -replace 'MAC', '76F2F43DF388' | Out-File -encoding ASCII License.lic"

C:\Windows\SysWOW64\sc.exe

sc config "AdskLicensingService" Start= Auto

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f

C:\Windows\SysWOW64\schtasks.exe

schtasks.exe /Create /XML C:\AutodeskLicensePatcherInstaller\Files\Task\Autodesk.xml /tn "\Microsoft\Windows\Autodesk\Autodesk"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="AutodeskNLM" dir=in action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="AutodeskNLM" dir=in action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="AutodeskNLM" dir=out action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="AutodeskNLM" dir=out action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe"

C:\Windows\SysWOW64\net.exe

net start AdskLicensingService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start AdskLicensingService

C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe

"C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat" "

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 2

C:\Windows\SysWOW64\chcp.com

chcp 1254

C:\Windows\SysWOW64\mode.com

mode con: cols=70 lines=12

C:\Windows\SysWOW64\reg.exe

reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3"

C:\Windows\SysWOW64\fltMC.exe

fltmc

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1 -n 5

C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe

C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c set

C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe

PECMD**pecmd-cmd* PUTF -dd -skipb=782848 -len=3289741 "C:\Users\Admin\AppData\Local\Temp\~5146516017328670896.tmp",,C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe

C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe

"C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe"

C:\Windows\SysWOW64\net.exe

net stop AdskLicensingService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop AdskLicensingService

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingService.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingAgent.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "ADPClientService.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingAnalyticsClient.exe"

C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe

PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~4759736328307723182.cmd"

C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe

PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~2168980586411374262.cmd"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "AdskLicensingInstHelper.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\~2168980586411374262.cmd"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\~4759736328307723182.cmd"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmgrd.exe"

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "adskflex.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmutil.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM "lmtools.exe"

C:\Windows\SysWOW64\net.exe

net start AdskLicensingService

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start AdskLicensingService

C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe

lmgrd.exe -z -c License.lic

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Windows\system32\PING.EXE

ping -n 2 127.0.0.1

C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe

adskflex.exe -T Ejefcdnk 11.16 -1 -c ";License.lic;" -lmgrd_port 6978 -srv KfMHk2F4RaGVMC17NL8lLyFPll18vkkZ7kmxf1579gWuN7tXIdxepkJxlh6rYWp --lmgrd_start 667bc1af -vdrestart 0

Network

Files

C:\Users\Admin\AppData\Local\Temp\~8698895182549500919.tmp

C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp

C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe

C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat

C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe

C:\AutodeskLicensePatcherUninstaller\Tweak.reg

C:\Users\Admin\AppData\Local\Temp\~1853039570868713988.cmd

C:\Users\Admin\AppData\Local\Temp\~~6988017227386195024.tmp

C:\Users\Admin\AppData\Local\Temp\~8385162000178249680.tmp

C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe

C:\AutodeskLicensePatcherInstaller\Files\Service\Service.exe

C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat

C:\Users\Admin\AppData\Local\Temp\~8166163836483563823.cmd

C:\Users\Admin\AppData\Local\Temp\~860854433564844597.cmd

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1up40uwd.u0d.ps1

C:\AutodeskLicensePatcherInstaller\Files\Tweak\Tweak.reg

C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\adskflex.exe

C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\lmgrd.exe

C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\License.lic

C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll

C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\netapi32.dll

C:\AutodeskLicensePatcherInstaller\Files\Tweak\UnNamed.json

C:\AutodeskLicensePatcherInstaller\Files\End_v1.20.exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\AutodeskLicensePatcherInstaller\Files\Task\Autodesk.xml

C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat

C:\Users\Admin\AppData\Local\Temp\~~7961525497489874590.tmp

C:\Users\Admin\AppData\Local\Temp\~5146516017328670896.tmp

C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe

C:\Users\Admin\AppData\Local\Temp\~4759736328307723182.cmd

C:\Users\Admin\AppData\Local\Temp\~2168980586411374262.cmd

C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic
