Analysis Overview
SHA256
aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2
Threat Level: Likely malicious
The file aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2 was found to be: Likely malicious.
Malicious Activity Summary
Modifies Windows Firewall
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
Loads dropped DLL
UPX packed file
Executes dropped EXE
Drops file in Program Files directory
Launches sc.exe
Unsigned PE
Access Token Manipulation: Create Process with Token
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Event Triggered Execution: Netsh Helper DLL
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Runs .reg file with regedit
Checks SCSI registry key(s)
Runs ping.exe
Modifies registry key
Runs net.exe
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Modifies registry class
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-26 07:21
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-26 07:21
Reported
2024-06-26 07:24
Platform
win7-20240508-en
Max time kernel
139s
Max time network
122s
Command Line
Signatures
Modifies Windows Firewall
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
"C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\system32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PECMD**pecmd-cmd* PUTF -dd -skipb=1211904 -len=6075120 "C:\Users\Admin\AppData\Local\Temp\~7623385366678034255.tmp",,C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
C:\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\~7623385366678034255.tmp" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~3515270636316872581"
C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe
"C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1254
C:\Windows\SysWOW64\mode.com
mode con: cols=70 lines=15
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe" "C:\Users\Admin\AppData\Local\Temp\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\regedit.exe
regedit.exe /s "C:\AutodeskLicensePatcherUninstaller\Tweak.reg"
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="AutodeskNLM"
C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~3688250794155520530.cmd"
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~3688250794155520530.cmd"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\AppData\Local\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\AppData\Local\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Documents\My Music\AddSearch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Documents\My Music\AddSearch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Application Data\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Temp\License_Patcher_Installer_BY_Huangsir.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Local Settings\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Local Settings\Temp\ose00000.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\Music\AddSearch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\Music\AddSearch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\Admin\My Documents\My Music\AddSearch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\Admin\My Documents\My Music\AddSearch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Application Data\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Documents and Settings\All Users\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Documents and Settings\All Users\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\7z.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\7z.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\7zFM.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\7zG.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\7zG.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\7-Zip\Uninstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\7-Zip\Uninstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\DVD Maker\DVDMaker.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\DVD Maker\DVDMaker.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\chrome_proxy.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\iediagcmd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\iediagcmd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\ieinstal.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\ieinstal.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\ielowutil.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\ielowutil.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\java.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\java.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\jabswitch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\jabswitch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\java-rmi.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\java-rmi.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\java.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\java.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\javacpl.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\javacpl.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\javaw.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\javaw.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\javaws.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\javaws.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\jp2launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\jp2launcher.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\keytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\keytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\kinit.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\kinit.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\klist.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\klist.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\ktab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\ktab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\orbd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\orbd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\pack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\pack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\policytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\policytool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\rmid.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\rmid.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\rmiregistry.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\rmiregistry.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\servertool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\servertool.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\ssvagent.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\ssvagent.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\tnameserv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\tnameserv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Java\jre7\bin\unpack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Java\jre7\bin\unpack200.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Chess\Chess.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Chess\Chess.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Hearts\Hearts.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Hearts\Hearts.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\crashreporter.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\crashreporter.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\default-browser-agent.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\default-browser-agent.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\maintenanceservice.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\maintenanceservice.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\minidump-analyzer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\pingsender.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\pingsender.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\plugin-container.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\plugin-container.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\private_browsing.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\private_browsing.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\updater.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\updater.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\VideoLAN\VLC\uninstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\VideoLAN\VLC\vlc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\VideoLAN\VLC\vlc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Defender\MpCmdRun.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Defender\MpCmdRun.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Defender\MSASCui.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Defender\MSASCui.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Journal\Journal.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Journal\Journal.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Journal\PDIALOG.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Journal\PDIALOG.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Mail\wab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Mail\wab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Mail\wabmig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Mail\wabmig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\setup_wm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\setup_wm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmlaunch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmlaunch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpconfig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpconfig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\WMPDMC.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\WMPDMC.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpenc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpenc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmplayer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmplayer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpnscfg.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpnscfg.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmprph.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmprph.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\wmpshare.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\wmpshare.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Media Player\WMPSideShowGadget.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Media Player\WMPSideShowGadget.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows NT\Accessories\wordpad.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files\Windows Sidebar\sidebar.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files\Windows Sidebar\sidebar.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Google\Update\Install\{5629EE71-1934-428C-A492-DBD2787497EC}\chrome_installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Google\Update\Install\{5629EE71-1934-428C-A492-DBD2787497EC}\chrome_installer.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\ExtExport.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\ExtExport.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\ieinstal.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\ieinstal.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\ielowutil.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\ielowutil.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\misc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\misc.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Mail\wab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Mail\wab.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Mail\wabmig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Mail\wabmig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\setup_wm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Media Player\setup_wm.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Media Player\wmlaunch.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Blocked C:\Program Files (x86)\Windows Media Player\wmpconfig.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="Allowed C:\Program Files (x86)\Windows Media Player\WMPDMC.exe"
Network
Files
memory/1700-0-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1700-7-0x0000000002C80000-0x0000000002E5E000-memory.dmp
memory/2916-8-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2916-10-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~7623385366678034255.tmp
| MD5 | 7439d80eedc39c0367ab1dc2c2309cfa |
| SHA1 | a5f7bc49312dda2965541073f67ff13408f1bcee |
| SHA256 | 30f44994ef58d376f6f7da5f62e8b4648bc5e66475ab70549283a738b1ee1ed3 |
| SHA512 | 16535d2ee85bd441ae7c0426ccb83ce3c062804803cf39fde24a344fedccbe113383e5262c808618a73399809251dfe0a84513910e4aadba574295894e61a3a6 |
\Users\Admin\AppData\Local\Temp\~7628483209931513742~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
C:\Users\Admin\AppData\Local\Temp\~3515270636316872581\60E726FB8E7EB17425E60568F710B74F.exe
| MD5 | 60e726fb8e7eb17425e60568f710b74f |
| SHA1 | e8ddafcc51307ede4e4a5c6b92838dce15199e6c |
| SHA256 | e4b58a4c7cbe9d9be14add4dba8483409361bba27f58a2c48ae68650096cace2 |
| SHA512 | a9653c19d2a73254b5960e3b1fb340283f3e3eb3c789953d44f8ca94c702e118033bc54cdf71bcdeab8ad26d2e971bfc2f856673cb2f393726ff0d75594377c3 |
memory/2056-29-0x0000000000400000-0x0000000000479000-memory.dmp
memory/1700-28-0x0000000003110000-0x0000000003189000-memory.dmp
C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat
| MD5 | 7ae7e3d9502489fc27d0e32f19da04fa |
| SHA1 | 0f5c15ed451e40d80bf2c1038fa4f170faf53f32 |
| SHA256 | f7e63bf6d3ea9037514bb0a4bada8c8bc1c6aa51264443c08a007c2e09925ea5 |
| SHA512 | 2b8a2d4122cb250a43e34a7353a94e56b6b8fdf992e1fbc3a2d452b107d2f265537e4e5a5c82330eb6eb9d4308d32b3dd399c118afceea5d93e0f44d2e4c296e |
memory/2056-43-0x0000000000400000-0x0000000000479000-memory.dmp
C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe
| MD5 | e3a8d815eadccd7c96137c9b3ea7a4a1 |
| SHA1 | c0ded2cc9c0c4110d71bb2a816fb41ed4a514c8f |
| SHA256 | bbb6f7c49932a5e09063c808c968e867ff903dee7c71817cfb7ecaeed879d72c |
| SHA512 | 77e41521d750a5b2dbada8afa91cc6228ded71f3b75979e4446e458d98c0066c3e03158b452131ccf5031e4f5e47d8bb52dfa62aa1c93183bb97dc563b0fdce7 |
C:\AutodeskLicensePatcherUninstaller\Tweak.reg
| MD5 | d13c68da817646e43133b70a66f6a516 |
| SHA1 | 4188dc3886c3e365ffe2740d844042f31bc61e33 |
| SHA256 | 33c988b80bd4bb17ba22b5012d3eb05c38666d174e21eef8e21aa942955699b1 |
| SHA512 | 0b1bfe750f3e63fc4114fa278b0e33ce410b5356b27fb2f4309d749823b0d22f04718b9d19be567e36173ce1ea9d15234cf535f20693c84f844e4047c49b868d |
C:\Users\Admin\AppData\Local\Temp\~3688250794155520530.cmd
| MD5 | b37afac0386570cc29e72ccd0d9be4c4 |
| SHA1 | 1282a17892f1a0f8396fe58985976268b57161a5 |
| SHA256 | 076695065c9e356e39305030eeef92eae2dc181237fed55463d5aaa8dff193f7 |
| SHA512 | 8d6bc84ad32829ce8de12f3fb21d2a0b912b1d7507feb6d8161a33a8efb19978129594d4e4f30a060e85ffe320237596693a6ef2c7d6435b4d2521dab6bcf7a7 |
memory/1700-60-0x0000000003250000-0x000000000342E000-memory.dmp
memory/2388-62-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1700-63-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2388-65-0x0000000000400000-0x00000000005DE000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-26 07:21
Reported
2024-06-26 07:24
Platform
win10v2004-20240611-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DownloadManager.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_manager.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenuineService.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LogAnalyzer.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcQMod.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADPClientService.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessService.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DownloadManager.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcEventSync.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskIdentityManager.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessCore.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessDialogUtility.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessDialogUtility.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskUpdateCheck.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcQMod.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessServiceHost.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskIdentityManager.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskInstallerUpdateCheck.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GenuineService.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcEventSync.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdpSDKUtil.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdpSDKUtil.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessCore.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autodesk Access UI Host.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_helper_tool.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ADPClientService.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskInstallerUpdateCheck.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_manager.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdSSO.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskUpdateCheck.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessServiceHost.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autodesk Access UI Host.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LogAnalyzer.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install_helper_tool.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdSSO.exe\Debugger = "Blocked" | C:\Windows\SysWOW64\regedit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdskAccessService.exe | C:\Windows\SysWOW64\regedit.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe | N/A |
Executes dropped EXE
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\netapi32.dll | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\Adlm\R28\netapi32.dll | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Adlm\R28\netapi32.dll | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\version.dll | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\netapi32.dll | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe | C:\Windows\SysWOW64\xcopy.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\version.dll | C:\Windows\SysWOW64\xcopy.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | C:\Windows\SysWOW64\xcopy.exe | N/A |
Kills process with taskkill
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell\runas\command | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell\runas | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\.Admin\shell\runas\command\ = "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3" | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
"C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PECMD**pecmd-cmd* PUTF -dd -skipb=1211904 -len=6075120 "C:\Users\Admin\AppData\Local\Temp\~8698895182549500919.tmp",,C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\~8698895182549500919.tmp" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~2114581554895391527"
C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe
"C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1254
C:\Windows\SysWOW64\mode.com
mode con: cols=70 lines=15
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe" "C:\Users\Admin\AppData\Local\Temp\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\regedit.exe
regedit.exe /s "C:\AutodeskLicensePatcherUninstaller\Tweak.reg"
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="AutodeskNLM"
C:\Windows\SysWOW64\net.exe
net stop AdskLicensingService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop AdskLicensingService
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingService.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingAgent.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "ADPClientService.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingAnalyticsClient.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingInstHelper.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmgrd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "adskflex.exe"
C:\Users\Admin\AppData\Local\Temp\aaf19a7ccba681da963e0eba829ea3401d5e90af106a653088664e4319cfcec2.exe
PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~1853039570868713988.cmd"
C:\Windows\SYSTEM32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~1853039570868713988.cmd"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmutil.exe"
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmtools.exe"
C:\Windows\SysWOW64\msiexec.exe
MsiExec.exe /X {4BE91685-1632-47FC-B563-A8A542C6664C} /qn
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\net.exe
net start AdskLicensingService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start AdskLicensingService
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe
C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe
PECMD**pecmd-cmd* PUTF -dd -skipb=1211904 -len=5130651 "C:\Users\Admin\AppData\Local\Temp\~8385162000178249680.tmp",,C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Users\Admin\AppData\Local\Temp\~7054143802011440890~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\~8385162000178249680.tmp" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~435780502668050157"
C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe
"C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1254
C:\Windows\SysWOW64\mode.com
mode con: cols=70 lines=15
C:\Windows\SysWOW64\net.exe
net stop AdskLicensingService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop AdskLicensingService
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingService.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingAgent.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "ADPClientService.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingAnalyticsClient.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingInstHelper.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmgrd.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "adskflex.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmutil.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmtools.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Powershell -nop -c "Get-WmiObject -Query ' select * from Win32_Product where Name like \"%Autodesk Network License Manager%\" ' | ForEach-Object { ($_).Uninstall()}"
C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe
PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~860854433564844597.cmd"
C:\Users\Admin\AppData\Local\Temp\License_Patcher_Installer_BY_Huangsir.exe
PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~8166163836483563823.cmd"
C:\Windows\SYSTEM32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~8166163836483563823.cmd"
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\SYSTEM32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~860854433564844597.cmd"
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\SysWOW64\regedit.exe
regedit.exe /s "C:\AutodeskLicensePatcherInstaller\Files\Tweak\Tweak.reg"
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\adskflex.exe" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\lmgrd.exe" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\License.lic" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\Service\Service.exe" "C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll" "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\netapi32.dll" "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingAgent\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\netapi32.dll" "C:\Program Files (x86)\Common Files\Autodesk Shared\Adlm\R28\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\Tweak\UnNamed.json" "C:\Users\Admin\AppData\Roaming\Autodesk\ADPSDK\UserConsent\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\xcopy.exe
xcopy "C:\AutodeskLicensePatcherInstaller\Files\End_v1.20.exe" "C:\Users\Admin\AppData\Local\Temp\" /Y /K /R /S /H /i
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Powershell -noprofile -executionpolicy bypass -command "((Get-NetAdapter -Physical | ? PnPDeviceID -match '^PCI|^USB' | Sort PnPDeviceID -Descending).MacAddress | Select -Last 1) -replace '-'"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Powershell -noprofile -executionpolicy bypass -command "((Get-NetAdapter -Physical | ? PnPDeviceID -match '^PCI|^USB' | Sort PnPDeviceID -Descending).MacAddress | Select -Last 1) -replace '-'"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Powershell -Command "(gc License.lic) -replace 'MAC', '76F2F43DF388' | Out-File -encoding ASCII License.lic"
C:\Windows\SysWOW64\sc.exe
sc config "AdskLicensingService" Start= Auto
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Delete /tn "\Microsoft\Windows\Autodesk\Autodesk" /f
C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Create /XML C:\AutodeskLicensePatcherInstaller\Files\Task\Autodesk.xml /tn "\Microsoft\Windows\Autodesk\Autodesk"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="AutodeskNLM" dir=in action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="AutodeskNLM" dir=in action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="AutodeskNLM" dir=out action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="AutodeskNLM" dir=out action=block profile=any program="C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe"
C:\Windows\SysWOW64\net.exe
net start AdskLicensingService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start AdskLicensingService
C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe
"C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat" "
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 2
C:\Windows\SysWOW64\chcp.com
chcp 1254
C:\Windows\SysWOW64\mode.com
mode con: cols=70 lines=12
C:\Windows\SysWOW64\reg.exe
reg add hkcu\software\classes\.Admin\shell\runas\command /f /ve /d "cmd /x /d /r set \"f0=%2\" &call \"%2\" %3"
C:\Windows\SysWOW64\fltMC.exe
fltmc
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 5
C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe
C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe
PECMD**pecmd-cmd* PUTF -dd -skipb=782848 -len=3289741 "C:\Users\Admin\AppData\Local\Temp\~5146516017328670896.tmp",,C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe
C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe
"C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe"
C:\Windows\SysWOW64\net.exe
net stop AdskLicensingService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop AdskLicensingService
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingService.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingAgent.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "ADPClientService.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingAnalyticsClient.exe"
C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe
PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~4759736328307723182.cmd"
C:\Users\Admin\AppData\Local\Temp\End_v1.20.exe
PECMD**pecmd-cmd* EXEC -wd:C: -hide cmd /c "C:\Users\Admin\AppData\Local\Temp\~2168980586411374262.cmd"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "AdskLicensingInstHelper.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~2168980586411374262.cmd"
C:\Windows\SYSTEM32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\~4759736328307723182.cmd"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmgrd.exe"
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "adskflex.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmutil.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /F /IM "lmtools.exe"
C:\Windows\SysWOW64\net.exe
net start AdskLicensingService
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start AdskLicensingService
C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe
lmgrd.exe -z -c License.lic
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Windows\system32\PING.EXE
ping -n 2 127.0.0.1
C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe
adskflex.exe -T Ejefcdnk 11.16 -1 -c ";License.lic;" -lmgrd_port 6978 -srv KfMHk2F4RaGVMC17NL8lLyFPll18vkkZ7kmxf1579gWuN7tXIdxepkJxlh6rYWp --lmgrd_start 667bc1af -vdrestart 0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| BE | 88.221.83.248:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 248.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.248:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | evcs-ocsp.ws.symantec.com | udp |
| US | 152.199.19.74:80 | evcs-ocsp.ws.symantec.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| N/A | 10.127.1.226:27000 | tcp | |
| N/A | 10.127.1.226:27001 | tcp | |
| N/A | 10.127.1.226:27002 | tcp | |
| N/A | 10.127.1.226:27003 | tcp | |
| N/A | 10.127.1.226:27004 | tcp | |
| N/A | 10.127.1.226:27005 | tcp | |
| N/A | 10.127.1.226:27006 | tcp | |
| N/A | 10.127.1.226:27007 | tcp | |
| N/A | 10.127.1.226:27008 | tcp | |
| N/A | 10.127.1.226:27009 | tcp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 10.127.1.226:27000 | tcp | |
| N/A | 127.0.0.1:50162 | tcp | |
| N/A | 127.0.0.1:27000 | tcp | |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
memory/5008-0-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4928-8-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~8698895182549500919.tmp
| MD5 | 7439d80eedc39c0367ab1dc2c2309cfa |
| SHA1 | a5f7bc49312dda2965541073f67ff13408f1bcee |
| SHA256 | 30f44994ef58d376f6f7da5f62e8b4648bc5e66475ab70549283a738b1ee1ed3 |
| SHA512 | 16535d2ee85bd441ae7c0426ccb83ce3c062804803cf39fde24a344fedccbe113383e5262c808618a73399809251dfe0a84513910e4aadba574295894e61a3a6 |
C:\Users\Admin\AppData\Local\Temp\~6213130066406941959~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
C:\Users\Admin\AppData\Local\Temp\~2114581554895391527\60E726FB8E7EB17425E60568F710B74F.exe
| MD5 | 60e726fb8e7eb17425e60568f710b74f |
| SHA1 | e8ddafcc51307ede4e4a5c6b92838dce15199e6c |
| SHA256 | e4b58a4c7cbe9d9be14add4dba8483409361bba27f58a2c48ae68650096cace2 |
| SHA512 | a9653c19d2a73254b5960e3b1fb340283f3e3eb3c789953d44f8ca94c702e118033bc54cdf71bcdeab8ad26d2e971bfc2f856673cb2f393726ff0d75594377c3 |
memory/3044-23-0x0000000000400000-0x0000000000479000-memory.dmp
memory/3044-33-0x0000000000400000-0x0000000000479000-memory.dmp
C:\AutodeskLicensePatcherUninstaller\AutodeskLicensePatcherUninstaller.bat
| MD5 | 7ae7e3d9502489fc27d0e32f19da04fa |
| SHA1 | 0f5c15ed451e40d80bf2c1038fa4f170faf53f32 |
| SHA256 | f7e63bf6d3ea9037514bb0a4bada8c8bc1c6aa51264443c08a007c2e09925ea5 |
| SHA512 | 2b8a2d4122cb250a43e34a7353a94e56b6b8fdf992e1fbc3a2d452b107d2f265537e4e5a5c82330eb6eb9d4308d32b3dd399c118afceea5d93e0f44d2e4c296e |
C:\AutodeskLicensePatcherUninstaller\License_Patcher_Installer_BY_Huangsir.exe
| MD5 | e3a8d815eadccd7c96137c9b3ea7a4a1 |
| SHA1 | c0ded2cc9c0c4110d71bb2a816fb41ed4a514c8f |
| SHA256 | bbb6f7c49932a5e09063c808c968e867ff903dee7c71817cfb7ecaeed879d72c |
| SHA512 | 77e41521d750a5b2dbada8afa91cc6228ded71f3b75979e4446e458d98c0066c3e03158b452131ccf5031e4f5e47d8bb52dfa62aa1c93183bb97dc563b0fdce7 |
C:\AutodeskLicensePatcherUninstaller\Tweak.reg
| MD5 | d13c68da817646e43133b70a66f6a516 |
| SHA1 | 4188dc3886c3e365ffe2740d844042f31bc61e33 |
| SHA256 | 33c988b80bd4bb17ba22b5012d3eb05c38666d174e21eef8e21aa942955699b1 |
| SHA512 | 0b1bfe750f3e63fc4114fa278b0e33ce410b5356b27fb2f4309d749823b0d22f04718b9d19be567e36173ce1ea9d15234cf535f20693c84f844e4047c49b868d |
C:\Users\Admin\AppData\Local\Temp\~1853039570868713988.cmd
| MD5 | 5a050af384d0e0edc5d396c1bad28705 |
| SHA1 | 15a33c3f999daa8dc7ca2ed6e43edcc368e1b34d |
| SHA256 | d12d2cd1f398206e4c1a6c9bbc865ef7059f6086215677df7833c57dc681ed0f |
| SHA512 | fbe225d1ce2ec1300cd97c25c4c270e34d455f0327de6136423898b339af65a312450e0785da0601c9898d4db0c3a6aa56e46a51f5a47d8550549da7394635f4 |
memory/5008-51-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4192-53-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/224-57-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~~6988017227386195024.tmp
| MD5 | 1e09851a1278201844c80712c3240d27 |
| SHA1 | 3e06825af684edc50244c6b02a867f5116f89a2f |
| SHA256 | 13d87fc056bc9eace347b377fd3f80aca3fee4fd5ad4b95f4d6f3bff6bf6de9f |
| SHA512 | 2703e6c710d32042f30bf08bd4a8417db0c9e587522f9121868129eef6de052f2aa244fd5c00c385cdfbf74bf5682fd78b672345f81992ff005c311aac4e9083 |
memory/1528-68-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~8385162000178249680.tmp
| MD5 | 42cf049758587e5990d43fa2bb605004 |
| SHA1 | 136a59233580a8667636920a452f2831c857e655 |
| SHA256 | f5d7575faab1d7e8a9d37f5494f3b4fec6098df5e0f5aad4292ecc62d643d5fa |
| SHA512 | 185229e016db010cb0103c43fbcb631a34f323118d4337ff3cb553185597993049b1c91900211683f2eb0d766a097775b080f2be991744bf11294ea80b85ab0a |
C:\Users\Admin\AppData\Local\Temp\~435780502668050157\01.exe
| MD5 | 39c9a020c4d7c26c76f12087487b739b |
| SHA1 | b3c091d41161f41cd26b014bef4cda46f1006835 |
| SHA256 | d461e58a9526e84c7ecb07e668d8ff4872c61f5982afbd4abc0e7bc325cbce71 |
| SHA512 | 986539f98bb1de3587e4c2f021e818f91b81b3a8abc07c540f6400e4bd8a7b67f25abb658b86d130cd964ae075632b8372578e3cd8ffbee538ba51e295aba23f |
memory/808-83-0x0000000000400000-0x0000000000479000-memory.dmp
C:\AutodeskLicensePatcherInstaller\Files\Service\Service.exe
| MD5 | c944e7122ca3f75139661b05a7985a57 |
| SHA1 | c81c57da20bec635193d81e15640eedf6ad0d089 |
| SHA256 | 87cf3afabac4a8f0881f8c96d5e64b4a8c1a67e05a8351ad9a451c6301fbe5e4 |
| SHA512 | 727aa0e8c7d6ab16ddfb1cd164d67c3153f98a91c91914c54e74d7a039ae39e464b05d10c8b401d4c8fe8796e5533c7176f953f3a6096c3ea5b76060b26fa815 |
memory/808-109-0x0000000000400000-0x0000000000479000-memory.dmp
C:\AutodeskLicensePatcherInstaller\AutodeskLicensePatcherInstaller.bat
| MD5 | c0fe52f2852de17d1834c38d84f34a2b |
| SHA1 | 9e39b92117a0b7f4263091fab2fe5c4f408121db |
| SHA256 | 633abb77ca7e986388e2b0ae7edde0fb4cd55a8a96a0d6213ff1b9dbf5b92251 |
| SHA512 | 3c3ddf66b686859e903aa0f9be101db8371a95d42e2b8fdc6ff80d1ae1f29546c7cf82b21ddb24417af756668958b65fe323b4e098d21a1d4038e6875e35fe3c |
C:\Users\Admin\AppData\Local\Temp\~8166163836483563823.cmd
| MD5 | 40b5313edcc5a5679355fa4829d18f95 |
| SHA1 | 05e1bf589535d1676ca740cbfaa94097e10cf35b |
| SHA256 | 3b6d4bd1c20d3ee759c25345c2feef9eda75ed1c5a94581eb8f19be342472f9f |
| SHA512 | 7293735c3b0521952745e677d3679fd80ee97d5c9bdec305408ee541f73a4870fc5a33927a477d3a89043e2b629fedd9ee8590b9d481a64b3f93fca233cd77bf |
C:\Users\Admin\AppData\Local\Temp\~860854433564844597.cmd
| MD5 | 0887ae228a5c2a4fd7bf3f19e1c2516a |
| SHA1 | 59cf4742189773a40609b908337d34b5e2eeb2ae |
| SHA256 | 3620eb65e3f4ef0af8743d6b24a4e9fd37d78ed46b2070d57e4a79434d8fba8b |
| SHA512 | 5cc181c9ce1f5a76f0aa197f2b0ab18dbe2b6c6badbb0d10ae16af2ea827d119d33aff93f76fb71f396ef9d67e131ab9c619830c1dc156e8c6d55cdaa408daf3 |
memory/2276-137-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/968-139-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/224-140-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4832-143-0x0000000002880000-0x00000000028B6000-memory.dmp
memory/2276-142-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4832-145-0x00000000051B0000-0x00000000057D8000-memory.dmp
memory/4832-146-0x0000000004E80000-0x0000000004EA2000-memory.dmp
memory/4832-148-0x0000000005850000-0x00000000058B6000-memory.dmp
memory/4832-147-0x0000000005120000-0x0000000005186000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1up40uwd.u0d.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4832-158-0x00000000058C0000-0x0000000005C14000-memory.dmp
memory/968-160-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4832-161-0x0000000005D50000-0x0000000005D6E000-memory.dmp
memory/4832-162-0x0000000005D70000-0x0000000005DBC000-memory.dmp
memory/4832-164-0x0000000006D00000-0x0000000006D96000-memory.dmp
memory/4832-165-0x0000000006240000-0x000000000625A000-memory.dmp
memory/4832-166-0x0000000006290000-0x00000000062B2000-memory.dmp
memory/4832-167-0x0000000007350000-0x00000000078F4000-memory.dmp
C:\AutodeskLicensePatcherInstaller\Files\Tweak\Tweak.reg
| MD5 | 2859c8e3c69a5d627c88b6e695ea3a2e |
| SHA1 | 9b5b4c7bad2c73968e01979e6ee535d1e43c7b5b |
| SHA256 | c41c2d93ca317cc19aa49c48dcf681d1074dca34695a061202c202be62db3745 |
| SHA512 | ef51a88945e123675fe460465e2c97d0a1160d2b7b634a9f169c171d2bfcbd611f73a15a66ae79dcea3c59e54c241e4a386d0fae3ec686bf1b437ce4a63e0d03 |
C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\adskflex.exe
| MD5 | e974687b0135a662623056078a8e58e1 |
| SHA1 | d448155e737c544e1cce77fc44098809004b93e2 |
| SHA256 | 82be4ec8ba546ebf1e3448976d06e163e9c4e258301cfceb9ce8a2d76ecbd6ae |
| SHA512 | 0c08d1a59692be0d313cfe22384236adc849fa22310afc1e4c680be57058f643309b9db708080cd7e320e22b15e47d5588fd112ada7a0576b908e7ac8d58d8a6 |
C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\lmgrd.exe
| MD5 | 219f8cebef26f1373062357b2f4a8489 |
| SHA1 | c77dfc5aa7b908533b6ecba8d8475dcc3545b416 |
| SHA256 | cf025ecfb3556e334dde501b95485998de9e1b6a06ccbd56ffa1345d6b5a3973 |
| SHA512 | 2f9d50c51c74add14c4a64425e36b4a289da76e85aaf05bd8ef8c421cbaa6811a8f43a23513b40248fe71ae17301e8170625d3a72299a189ca5261d816d6b0ef |
C:\AutodeskLicensePatcherInstaller\Files\NetworkLicenseManager\License.lic
| MD5 | b9fb092167f1a4ab64cdd613f9c1b9ed |
| SHA1 | aeabf027798c7859d98789e41b230ec60608ac77 |
| SHA256 | 716618d1ea8df555a40f792504d40bfe4483c1017497490318c70cb9ab8ee4e4 |
| SHA512 | 48027ca0684257baf407d8f4db8420151a393b1d49c6dada98df596b64207dde80084794c52a899d79a1f14ad9c02dfd3c02b62122bd89566f176eb67c7fae49 |
C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\version.dll
| MD5 | 44774fafd716fa45c7a0ccb3b14d59a6 |
| SHA1 | 9de0f9b49e53a63757a181b235a3e18f6585b75b |
| SHA256 | 4739abff4da13a27f2421452007c9d2340bf4f9e9a601ef0ec9f1b9d64d1d365 |
| SHA512 | 983bd89429c6dbe9ff94f5e4727982e580a4c696a81dab581be701be1600d8eb8bfa00b0e86b4c99bfe4f76ac11ba3bec8fe1138f864668c7ca9e6096c1222fd |
C:\AutodeskLicensePatcherInstaller\Files\PatchedFiles\netapi32.dll
| MD5 | 5c51cc926c76b23830d27a97445bf734 |
| SHA1 | 51ebe83a748e2ddae9c20b0e1a66cbe42f846e7d |
| SHA256 | 655181d13d9707500bf77ff88b0b6c2595459b475ade7b919a2b1e00402c1ceb |
| SHA512 | ba10db85af29a02c9959d8c107e028879dbb3138443f35ba1512793bf782c1b8191c0aecc0fca447e96fda6daa720bb75ca67fdb29ff2c73b104265d0b53d285 |
C:\AutodeskLicensePatcherInstaller\Files\Tweak\UnNamed.json
| MD5 | ba3088f87edfcceb1e084c971db40601 |
| SHA1 | ca755bec6d224f4ff0f966e30824bcbb3f5f2f3f |
| SHA256 | e0371582686d18b48edb9e956057b52aa97de8c034ee79aab10ffb5331711651 |
| SHA512 | e2a61a4b5e160e85010dc195e0f86561b7479f388237af39bb9d0d1d07aa04320e3c71873f4aea40fb2e80c2803de994d5d87be07244705d0687dfb9833dad68 |
C:\AutodeskLicensePatcherInstaller\Files\End_v1.20.exe
| MD5 | abdcd215ed468f7282c196a8a9e473d7 |
| SHA1 | 5702dc33da4bc58627bfc9e8b36fd8d82dba3dde |
| SHA256 | e4eea94f25d2c1ca619b599da095d6cadf1ada9b1939f064f9e328e40d5f5a0e |
| SHA512 | 6fadbc0211a058d730e46345d24fe4af5877d9109a6fd9dd4877c6b6ccd9caaa9fa977a27687a522ff4d1647eeaa0c18a42ef546062d65ad675de0b17276d367 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | def65711d78669d7f8e69313be4acf2e |
| SHA1 | 6522ebf1de09eeb981e270bd95114bc69a49cda6 |
| SHA256 | aa1c97cdbce9a848f1db2ad483f19caa535b55a3a1ef2ad1260e0437002bc82c |
| SHA512 | 05b2f9cd9bc3b46f52fded320b68e05f79b2b3ceaeb13e5d87ae9f8cd8e6c90bbb4ffa4da8192c2bfe0f58826cabff2e99e7c5cc8dd47037d4eb7bfc6f2710a7 |
memory/3924-189-0x00000000056E0000-0x0000000005A34000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3c2f4188efbef65bf54e7b2f540dbc61 |
| SHA1 | ef3c632489f6cf39a7dea6be18725a2e9d1f50b7 |
| SHA256 | 4e312fc6407477c26dfe7b6c55f9700ac1505fddfd1cef745522a2e85a795bf1 |
| SHA512 | 6f5d30ff75556384e867c6c6e398b23700004834e1a996c24a2bdfc2398b59ae49c73e334e407d1b4a041ca8332c38f2ea85d19c71c7ed4da2ab3bd67d5a3866 |
memory/3924-200-0x0000000005CA0000-0x0000000005CEC000-memory.dmp
memory/3924-201-0x0000000006DF0000-0x0000000006E22000-memory.dmp
memory/3924-202-0x00000000746A0000-0x00000000746EC000-memory.dmp
memory/3924-212-0x0000000006DB0000-0x0000000006DCE000-memory.dmp
memory/3924-213-0x0000000006EE0000-0x0000000006F83000-memory.dmp
memory/3924-214-0x0000000007610000-0x0000000007C8A000-memory.dmp
memory/3924-215-0x0000000006FE0000-0x0000000006FEA000-memory.dmp
memory/3924-216-0x0000000007190000-0x00000000071A1000-memory.dmp
memory/460-227-0x0000000006030000-0x0000000006384000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e47e261d369551a07923436dd83ec0fc |
| SHA1 | f25f354099604c2fe53e193b0a7ea0713b10ac21 |
| SHA256 | 42d7bad3022852426238758ddb275a943bc612816b4a3e0969a5f96e20a10fe5 |
| SHA512 | 128a076a3aa574a81643eb66a24db89bb31d62a44926cf4a75bf460186d10f269e6e13a29e0a87a6d13d7a97c9f9bbbff67a3e0d7b52b20533e89bd66b50de9a |
C:\AutodeskLicensePatcherInstaller\Files\Task\Autodesk.xml
| MD5 | dbfed3ff9dc6ca06e2cf0e2e63098d66 |
| SHA1 | a698e52c166f5087ee60968a77261c7608e859c5 |
| SHA256 | 409a178ed9b9c0929fd9f3b8c3a58afd1b3370c53baf49b4956cf9a79f50d398 |
| SHA512 | 6eef1b9075a683a3eee30fbabed658efc970cdec6a234e60c2739440c7ee2d6a7e6b8f4d68bef9030014685d8a0b3d3d62dd62887e198b4675bd570482400414 |
memory/3564-236-0x0000000000400000-0x0000000000479000-memory.dmp
memory/3564-242-0x0000000000400000-0x0000000000479000-memory.dmp
C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\Service.bat
| MD5 | a293941d12fd22c6703ff1faa4ef8c9f |
| SHA1 | 56b93e15f2038f711a2c011593302c772e93434a |
| SHA256 | 84ace721357da23f22f0988fbf159f9d97dd75eaf23505937e57b9d443130139 |
| SHA512 | fbe0a158855087bf3d9bfdaec97b4c8a9c62e14c70a9e511fe3f02b69ddbab6665ba7a4257ccad6154891a5ede460433af013dac94046a97f76e19df8315ef9a |
memory/5068-246-0x0000000000400000-0x000000000057F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~~7961525497489874590.tmp
| MD5 | 25f387629ffbf0bbada23ce1ac1ff26e |
| SHA1 | 6a298921bfba0538cbd7efc34adba482cacd2f42 |
| SHA256 | 5bcec7358d3ce958532585be14c61b2326fc7e43b27958b067501975e0fd8b0c |
| SHA512 | 3e8c8ebe5a0622b016c85f97acef6143d0d6350b51206cc4827085c91bd853c770bf8c7488918914f436c780742c5598c379758515c5740b457dadc8e1f6aa02 |
memory/2148-256-0x0000000000400000-0x000000000057F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~5146516017328670896.tmp
| MD5 | 80ab2f749a3753866a20b5b87375fe43 |
| SHA1 | bac069abf966cf486687845c74eed0cf7aee036e |
| SHA256 | 8f297022f3ed3288e2f75a8ed590d52dad8b731f074ba0eed4809efc47631fbe |
| SHA512 | 2c6095031c9c4245e4d38fd9d4b17373731980c045cd84f7b4587702b553226349af18bea424edfc34a43b0c84470492ade270be671e8af7560d55a091de9b30 |
C:\Users\Admin\AppData\Local\Temp\~297125966503959730\End_v1.2.exe
| MD5 | 939261459f9c29343dd1d6bd51f3709e |
| SHA1 | b1110b91465ebc137402a3c30842b0e87e870365 |
| SHA256 | b5732ac85589fdbe360af0d41fe4b409796fe414999c785bcf11f9b092ecf028 |
| SHA512 | 697e447e742854cc4a9111b6451f2eed31d8d87b5db595ac6958ddd4f93110d1ad5e154c01a8b64db1cd7e26dcfffd637e183315a6aeeb7899ebc76c64f321db |
memory/4352-270-0x00007FF798F20000-0x00007FF79A15F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~4759736328307723182.cmd
| MD5 | a7d69eb87901bc1ccc5579345b52d590 |
| SHA1 | 89976fc37e0b354268f70306c91d4e8a748a506c |
| SHA256 | 25116574fb9dfca2eb096bb7ce0a000e19e634422cbf9739f0935f023d8d17e2 |
| SHA512 | d1e8830c4c7677ce617730f5458e74d4f470e490c9fe966294d580117ee75b1cd7143c2a549b16aa1d725c4553e5a4f968e4ab2ab8c6f3813ddfc45d5906e3d6 |
C:\Users\Admin\AppData\Local\Temp\~2168980586411374262.cmd
| MD5 | 8f570c384b39a4f918d7157e2e0a35f1 |
| SHA1 | bd38286dd3162dab79ee02ee4490e8e973a1af4f |
| SHA256 | 425c65d0f4f503046c42900138c4c4f6597f215533d845cf008c6dfde71f62e5 |
| SHA512 | 623b9eb35e1ac23468f0721de0e3b43191bd1ce1e3add3e0e1c111f304a78614f57451a912036adfc4cc9b81b63fa3be8d5564e6fce3d7c1b857a0fb908cd6f1 |
memory/3756-298-0x0000000000400000-0x000000000057F000-memory.dmp
memory/2024-297-0x0000000000400000-0x000000000057F000-memory.dmp
memory/2024-302-0x0000000000400000-0x000000000057F000-memory.dmp
memory/5068-301-0x0000000000400000-0x000000000057F000-memory.dmp
C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\License.lic
| MD5 | d27a9d59490f3eebba3206a40414b680 |
| SHA1 | 8531ecec79b8c09a7254bb824d761aaaf86eb46b |
| SHA256 | cac83a6cd63fdc6eb653e2bf222a765e4598b35a15fc5990f98beb5d480ceb3a |
| SHA512 | d915e2456c35aaab9457d3cb489f12f706892522ba26badab88cf167c95504ce12a1467320a03c021ddeb7f035e8d5d476e6c7cedcfea04d744e3fa57fac1180 |
memory/4352-312-0x00007FF798F20000-0x00007FF79A15F000-memory.dmp