Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Adrian (15-10-2016 20:15:11)
Running from C:\Users\Adrian\Desktop\frst
Windows 8.1 Pro (Update) (X64) (2015-06-15 20:11:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2425397994-473716014-1509793327-500 - Administrator - Disabled)
Adrian (S-1-5-21-2425397994-473716014-1509793327-1001 - Administrator - Enabled) => C:\Users\Adrian
Guest (S-1-5-21-2425397994-473716014-1509793327-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Aktualizacje NVIDIA 2.13.0.21 (Version: 2.13.0.21 - NVIDIA Corporation) Hidden
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
AviSynth+ 0.1.0 r1779 (HKLM-x32\...\{AC78780F-BACA-4805-8D4F-AE1B52B7E7D3}_is1) (Version: 0.1.0.1779 - The Public)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
COMODO Internet Security Premium (HKLM\...\{04833277-EE61-4251-9273-0CF86C0FE710}) (Version: 8.2.0.4792 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DuelystLauncher (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\launcher) (Version: 0.0.10 - Counterplay Games Inc.)
Dying Light Demo (HKLM\...\Steam App 381570) (Version: - Techland)
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FileZilla Client 3.21.0 (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
FLAAS version 1.3 (HKLM-x32\...\FLAAS_is1) (Version: 1.3 - Punigram Co. Ltd.)
Free Countdown Timer (HKLM-x32\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 4.0.1.0 - Comfort Software Group)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Git version 2.8.2 (HKLM\...\Git_is1) (Version: 2.8.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gwent (HKLM-x32\...\1853006981_is1) (Version: 2.0.0.1 - GOG.com)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{4188E70A-4D3B-447C-B366-963C9E8B4538}) (Version: 5.0.10.2907 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Kodi (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\Kodi) (Version: - XBMC-Foundation)
Komunikator WTW 1.20.0.4800 (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.20.0.4800 - K2T.eu)
LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mi PC Suite (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\MiPhoneManager) (Version: - Xiaomi Inc.)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: - )
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MKVToolNix 9.4.2 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.4.2 - Moritz Bunkus)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 49.0.1 (x86 pl) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 pl)) (Version: 49.0.1 - Mozilla)
MPC-HC 1.7.10 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.3 - Black Tree Gaming)
Nightly 48.0a1 (x64 en-US) (HKLM\...\Nightly 48.0a1 (x64 en-US)) (Version: 48.0a1 - Mozilla)
NoVirusThanks MD5 Checksum Tool v4.0 (HKLM\...\NoVirusThanks MD5 Checksum Tool_is1) (Version: 4.0.0.0 - NoVirusThanks Company Srl)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.1.0 - Duodian Technology Co. Ltd.)
NVIDIA GeForce Experience 3.0.5.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.5.22 - NVIDIA Corporation)
NVIDIA Oprogramowanie systemu PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik 3D Vision 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Sterownik dźwięku HD 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA Sterownik kontrolera 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Wirtualny dźwięk Miracast 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 372.70 - NVIDIA Corporation)
NvNodejs (Version: 3.0.5.22 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Object Builder (HKLM-x32\...\ObjectBuilder) (Version: 0.3.4 - UNKNOWN)
Object Builder (x32 Version: 0.3.4 - UNKNOWN) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
Opera developer 42.0.2374.0 (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\Opera 42.0.2374.0) (Version: 42.0.2374.0 - Opera Software)
Oracle VM VirtualBox 5.1.6 (HKLM\...\{EEDDD7E2-A7A2-4FA9-8C32-ADB29A5096FF}) (Version: 5.1.6 - Oracle Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.96.218.0 - Overwolf Ltd.)
Pakiet sterowników systemu Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Panel sterowania NVIDIA 372.70 (Version: 372.70 - NVIDIA Corporation) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{E088F1D8-02DA-4E3F-8B0B-BF48DC807F69}) (Version: 2.37.1 - The Pokémon Company International)
PostgreSQL 9.5 (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
Python 2.7 py2exe-0.6.9 (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\py2exe-py2.7) (Version: - )
Python 2.7 pywin32-220 (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\pywin32-py2.7) (Version: - )
Python 3.5.1 (32-bit) (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
ReClock (HKLM-x32\...\ReClock) (Version: - SlySoft, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.9.6 - Rockstar Games)
Ruby 2.0.0-p648-x64 (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\{B5BD4615-7C8A-4E50-9179-71B593CA6B67}_is1) (Version: 2.0.0-p648 - RubyInstaller Team)
Ruby 2.1.7-p400 (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\{64763A89-6347-43AF-833F-3840615C62AE}_is1) (Version: 2.1.7-p400 - RubyInstaller Team)
Screenpresso (HKLM\...\Screenpresso) (Version: 1.6.4.1 - Learnpulse)
SHIELD Streaming (Version: 7.1.0310 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.5.22 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SVP 4 Free (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\{2085b040-56c3-4e98-84e9-6f0b7da2210e}) (Version: 4.0 - SVP Team)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Krew i Wino (HKLM-x32\...\Blood and Wine_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Serca z kamienia (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.2 - UltraDefrag Development Team)
Unity Web Player (HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2425397994-473716014-1509793327-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2425397994-473716014-1509793327-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2425397994-473716014-1509793327-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2425397994-473716014-1509793327-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2425397994-473716014-1509793327-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2425397994-473716014-1509793327-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06344ECC-EB50-4680-8AB4-49306620CB54} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {18894A47-3CA1-42A4-9A25-66B628E27F6C} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2016-02-27] ()
Task: {1B7AA16D-2CFF-4DA5-821B-56B74E4EFFE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] (Google Inc.)
Task: {25D00292-9A5F-4829-9D44-5D9E68144FC7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {28473D61-6C72-4B55-AB24-40BA3D2F6D30} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2014-11-19] (Realtek Semiconductor)
Task: {30B20ECA-AA0E-45C4-8877-3CF8D163824F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-16] (NVIDIA Corporation)
Task: {453473FB-E278-4B66-9042-82A11845F1E3} - System32\Tasks\Overwolf Updater Task => C:\Gry\Overwolf\OverwolfUpdater.exe [2016-07-21] (Overwolf LTD)
Task: {4E477A0B-FCD9-4A60-8847-FA7B65AF08ED} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-29] (COMODO)
Task: {5CBC47CC-1DA3-4138-AB16-0B032CF5EA49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-21] (Google Inc.)
Task: {7948412D-1F43-4743-A8D7-9EBE998E99D3} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-28] (COMODO)
Task: {7B7A8567-A368-407E-AAAA-D7A40610A549} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-16] (NVIDIA Corporation)
Task: {80E7F7C0-8FCA-4109-8831-095271247336} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-04-03] ()
Task: {862BA212-ED9C-4B44-BBF9-34EAE7F3DA7F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [2016-04-04] (Microsoft Corporation)
Task: {9014BCA9-F96D-41CA-A071-EBD0D35F9416} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-10-15] (Piriform Ltd)
Task: {92EAF35D-75AA-4D25-8F20-0D1C8A94C52A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-16] (NVIDIA Corporation)
Task: {9C6F1569-70D2-4943-8181-1A1605245B13} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-16] (NVIDIA Corporation)
Task: {9FD78B12-FAEE-461A-8D70-9E2115EC3D2A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2016-02-27] ()
Task: {B83DB1E6-AACA-4655-A968-D430B3FC0912} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-28] (COMODO)
Task: {C48DA489-6072-4C43-8F8D-BAFFF5284780} - System32\Tasks\Opera scheduled Autoupdate 1462285875 => C:\Users\Adrian\AppData\Local\Programs\Opera developer\launcher.exe [2016-10-07] (Opera Software)
Task: {CAFFE634-6B70-40A5-B54C-9C4C03668633} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-16] (NVIDIA Corporation)
Task: {D5C19906-1151-494E-94D1-714B83D6D5FC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-11] (Intel Corporation)
Task: {D63FB7B4-988A-42EC-8AE3-C1958CDDE85C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-29] (COMODO)
Task: {E31A8A0B-CEB9-4252-91E5-F368026B57E7} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-29] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Adrian\Desktop\run.bat — skrót.lnk -> C:\Windows\System32\drivers\etc\run.bat ()

ShortcutWithArgument: C:\Users\Adrian\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 32-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Adrian\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86"
ShortcutWithArgument: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Adrian\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" amd64"
ShortcutWithArgument: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ Compiler Package for Python 2.7\Visual C++ 2008 64-bit Cross Tools Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k ""C:\Users\Adrian\AppData\Local\Programs\Common\Microsoft\Visual C++ for Python\9.0\vcvarsall.bat" x86_amd64"

==================== Loaded Modules (Whitelisted) ==============

2014-05-01 16:13 - 2016-07-21 07:38 - 00592384 _____ () C:\Users\Adrian\AppData\Local\MEGAsync\ShellExtX64.dll
2016-08-23 15:05 - 2016-08-23 15:05 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-01-08 23:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-12-09 10:06 - 2016-01-31 21:07 - 00019456 _____ () C:\Program Files\K2T\WTW\libCryptoLayer.module
2015-12-09 10:06 - 2016-01-31 21:07 - 00088064 _____ () C:\Program Files\K2T\WTW\libCryptoWtw.module
2015-12-09 10:06 - 2016-01-31 21:07 - 00577024 _____ () C:\Program Files\K2T\WTW\libImage.module
2015-12-09 10:06 - 2016-01-31 21:08 - 00555008 _____ () C:\Program Files\K2T\WTW\libSQ3.module
2015-12-09 10:06 - 2016-01-31 21:07 - 00092160 _____ () C:\Program Files\K2T\WTW\libZlib.module
2015-12-09 10:06 - 2016-01-31 21:07 - 00129024 _____ () C:\Program Files\K2T\WTW\libExpat.module
2016-05-13 09:06 - 2015-08-26 10:40 - 00078336 _____ () C:\Program Files\PostgreSQL\9.5\bin\ZLIB1.dll
2015-12-09 10:06 - 2016-01-31 21:08 - 00442880 _____ () C:\Program Files\K2T\WTW\libLexer.module
2016-03-15 17:15 - 2016-03-15 17:15 - 00177664 _____ () c:\users\adrian\appdata\roaming\.wtw\profiles\lati\Plugins64\sounds.plug
2015-12-09 10:06 - 2016-01-31 21:08 - 00014336 _____ () C:\Program Files\K2T\WTW\libWin8.module
2011-05-31 08:38 - 2011-05-31 08:38 - 00062976 _____ () C:\Windows\SYSTEM32\bdmpega64.acm
2016-10-15 19:26 - 2016-10-15 19:26 - 00380928 _____ () C:\Users\Adrian\Downloads\0h7bwhic.exe
2015-06-16 16:42 - 2016-09-08 05:14 - 00784672 _____ () C:\Gry\Steam\SDL2.dll
2015-06-16 16:42 - 2016-09-01 03:02 - 04969248 _____ () C:\Gry\Steam\v8.dll
2015-06-16 16:42 - 2016-10-13 03:58 - 02321696 _____ () C:\Gry\Steam\video.dll
2015-06-16 16:42 - 2016-09-01 03:02 - 01563936 _____ () C:\Gry\Steam\icui18n.dll
2015-06-16 16:42 - 2016-09-01 03:02 - 01195296 _____ () C:\Gry\Steam\icuuc.dll
2015-06-16 16:42 - 2016-01-27 09:49 - 02549760 _____ () C:\Gry\Steam\libavcodec-56.dll
2015-06-16 16:42 - 2016-01-27 09:49 - 00491008 _____ () C:\Gry\Steam\libavformat-56.dll
2015-06-16 16:42 - 2016-01-27 09:49 - 00332800 _____ () C:\Gry\Steam\libavresample-2.dll
2015-06-16 16:42 - 2016-01-27 09:49 - 00442880 _____ () C:\Gry\Steam\libavutil-54.dll
2015-06-16 16:42 - 2016-01-27 09:49 - 00485888 _____ () C:\Gry\Steam\libswscale-3.dll
2015-06-16 16:42 - 2016-10-13 03:58 - 00836896 _____ () C:\Gry\Steam\bin\chromehtml.DLL
2016-03-09 01:21 - 2016-07-05 00:17 - 00266560 _____ () C:\Gry\Steam\openvr_api.dll
2016-07-21 07:37 - 2016-07-21 07:37 - 00482304 _____ () C:\Users\Adrian\AppData\Local\MEGAsync\libsodium.dll
2016-10-14 19:26 - 2016-08-04 22:56 - 49825056 _____ () C:\Gry\Steam\bin\cef\cef.winxp\libcef.dll
2014-05-01 16:15 - 2016-07-21 07:38 - 00564224 _____ () 
C:\Users\Adrian\AppData\Local\MEGAsync\ShellExtX32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
C:\Windows\system32\bthci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CameraSettingsUIHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\change.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chglogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chgport.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chgusr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clrhost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cnvfat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\compstui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\convert.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CscMig.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cVX1000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DCompiler_47.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DAFWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\ddpchunk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddptrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddputils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddp_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID 
[64] AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceSetupStatusProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevIL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpsapi.dll:$CmdTcID 
[64] AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dism.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DismApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dispex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DMRServer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsrslvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\dpapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsparse.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: 
AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcdAutoSetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetVscCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\nlhtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\NlsData0046.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvapi64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvaudcaparm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvd3dumx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvdispco6436496.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvdispco6437270.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvdispgenco6436496.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvdispgenco6437270.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvEncodeAPI64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvfatbinaryLoader.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NvFBC64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvhdagenco6420103.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvhdap64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NvIFR64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvinitx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvmcumd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvmcvadgenco64.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\nvoglshim64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvoglv64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvptxJitCompiler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvumdshimx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nvwgf2umx.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\occache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID 
[64] AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpenAL32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpenCL.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\P2P.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\pcasvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PCPTpm12.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDist.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistAD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistCacheProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistCleaner.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistHttpTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistSh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PeerDistWSDDiscoProv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\photowiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pmcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pngfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnrpsvc.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ppcsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintBrmUi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PSHED.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\puiobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qappsrv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qcCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qprocess.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\query.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quser.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qwinsta.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rascfg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werdiagcontroller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wextract.exe:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wimserv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Renewal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID 
[64] AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgrade.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeResults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\WinFax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinUSBCoInstaller2.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wisp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\WLanHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmcodecdspps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdmlog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdmps.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmidx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmitomi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WmpDui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmvdspa.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkfoldersControl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFoldersRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\workfolderssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\wpncore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wrap_oal.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\wship6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\wucltux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUSettingsProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imgutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inseng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprtrmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\irprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsium.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\itircl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\itss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDRUM.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDTT102.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KeyboardFilterCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kmddsp.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l3codeca.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l3codecp.acm:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LAPRXY.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LcProxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\licmgr10.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mf3216.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfAACEnc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfcore.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfdvdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfh264enc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mftranscode.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mgmtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\migisol.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmcbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmcndmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmcshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdtcprx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdtcuiu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeedsbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msfeedssync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msftedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshta.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msinfo32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msisip.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingFacility.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcp120_clr0400.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcr120_clr0400.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID 
[64] AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcfgx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netlogon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo-1-1-0-11-1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vulkaninfo.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vVX1000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VX1000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WcnApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webcheck.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webservices.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\werdiagcontroller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WerFault.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WerFaultSecure.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wermgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wevtapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wextract.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wimgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSCard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winspool.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wisp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\Wldap32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMASF.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmcodecdspps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdmlog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdmps.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmidx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmitomi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WmpDui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmvdspa.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WorkFoldersRes.dll:$CmdTcID [130] 
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSDApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsdchngr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsnmp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpsrchvw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\zipfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\BasicRender.sys:$CmdTcID [64] 
AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\BtaMPM.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\clfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\csc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dumpfve.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fileinfo.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\intelpep.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\IPMIDrv.sys:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\Drivers\ipnat.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\luafv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mcaudrv_x64.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mcdevice.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mcvidrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\motoandroid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mpsdrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msgpioclx.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndistapi.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netbios.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\netr7364.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\netvsc63.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nsiproxy.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvhda64v.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nvvadarm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\qcusbser.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID [130] AlternateDataStreams: 
C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rdyboost.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\refs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\scfilter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sdstor.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\SerCx2.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\SplitCamAudio.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\splitcam_hd_driver.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\stornvme.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\storvsp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\Drivers\UCX01000.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\USBXHCI.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetLwf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VerifierExt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vpci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\VX1000.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wanarp.sys:$CmdTcID [64] AlternateDataStreams: 
C:\Windows\system32\Drivers\watchdog.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wfplwfs.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wof.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\xusb22.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Adrian\Desktop\closevlc.bat:$CmdTcID [64] AlternateDataStreams: C:\Users\Adrian\Desktop\index.html:$CmdZnID [26] AlternateDataStreams: C:\Users\Adrian\Desktop\playlist(1).m3u8:$CmdTcID [64] AlternateDataStreams: C:\Users\Adrian\Desktop\playlist(1).m3u8:$CmdZnID [26] AlternateDataStreams: C:\Users\Adrian\Downloads\0h7bwhic.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Adrian\AppData\Roaming\gameboxsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Adrian\AppData\Roaming\inst.exe:$CmdTcID [64] AlternateDataStreams: C:\ProgramData\empty.ico:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02494708.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29158755.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02494708.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29158755.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2016-10-09 06:02 - 00517723 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost There are 12381 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2425397994-473716014-1509793327-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Tapeta pulpitu.bmp DNS Servers: 8.8.8.8 - 8.8.6.6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BRSptStub => 2 MSCONFIG\Services: BstHdAndroidSvc => 3 MSCONFIG\Services: BstHdLogRotatorSvc => 3 MSCONFIG\Services: BstHdUpdaterSvc => 3 MSCONFIG\Services: cmdvirth => 3 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: Droid4XService => 2 MSCONFIG\Services: GalaxyClientService => 3 MSCONFIG\Services: GalaxyCommunication => 3 MSCONFIG\Services: GamingApp_Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: ICCS => 3 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: ISCTAgent => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: Motorola Device Manager => 2 MSCONFIG\Services: MSIBIOSData_CC => 3 MSCONFIG\Services: MSIClock_CC => 3 MSCONFIG\Services: MSICOMM_CC => 3 MSCONFIG\Services: MSICPU_CC => 3 MSCONFIG\Services: MSICTL_CC => 2 MSCONFIG\Services: MSIDDR_CC => 3 MSCONFIG\Services: MSISMB_CC => 3 MSCONFIG\Services: MSISuperIO_CC => 3 MSCONFIG\Services: MSI_LiveUpdate_Service => 2 MSCONFIG\Services: NetBalancerService => 2 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NVIDIA Wireless Controller Service => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: OverwolfUpdater => 3 MSCONFIG\Services: postgresql-x64-9.5 => 2 MSCONFIG\Services: PST Service => 2 MSCONFIG\Services: rpcapd => 3 MSCONFIG\Services: SbieSvc => 2 MSCONFIG\Services: Service KMSELDI => 2 MSCONFIG\Services: 
SkypeUpdate => 2 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: SuperRAIDSvc => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: XTU3SERVICE => 2 HKLM\...\StartupApproved\StartupFolder: => "Universal Media Server.lnk" HKLM\...\StartupApproved\Run: => "ISCT Tray" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "VX1000" HKLM\...\StartupApproved\Run32: => "Live Update" HKLM\...\StartupApproved\Run32: => "Command Center" HKLM\...\StartupApproved\Run32: => "Fast Boot" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LifeCam" HKLM\...\StartupApproved\Run32: => "Aeria Ignite" HKLM\...\StartupApproved\Run32: => "Ad Muncher" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKLM\...\StartupApproved\Run32: => "ISCT Tray" HKLM\...\StartupApproved\Run32: => "VX1000" HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\StartupFolder: => "AudioSwitch.lnk" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "AirDroid 3" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "FlashGet 3" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "NetBalancer" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "SandboxieControl" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "CCleaner Monitoring" 
HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "GalaxyClient" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "FlashPlayerUpdate" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "FreeCT" HKU\S-1-5-21-2425397994-473716014-1509793327-1001\...\StartupApproved\Run: => "MiPhoneManager" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C0E69C91-F619-436A-B778-36CF16A5FD37}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{E7796718-562A-4E10-B684-F9A964DF8CEC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{7F734156-0672-4413-985F-D2C67F854B8F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3F3FB4CE-6DD3-43DA-BD3E-DE86ABA65602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{1DD64FC4-8A1F-46C4-94E7-2722149A0B9A}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{701FB017-D87B-4241-8111-58BC9A4D66A8}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [{B3508411-B821-45A9-AB2A-960B4E643349}] => (Allow) C:\Gry\Battle.net\Battle.net.exe FirewallRules: [{6E277BD6-B039-4EBF-AAE2-C84D534A1E1B}] => (Allow) C:\Gry\Battle.net\Battle.net.exe FirewallRules: [{D454DD3E-E630-4C0E-AEB1-D3613D17CAE9}] => (Allow) C:\Gry\Steam\Steam.exe FirewallRules: [{330F541D-C9D8-4033-A765-4B82A0008848}] => (Allow) C:\Gry\Steam\Steam.exe FirewallRules: [{A6ED7520-36E7-49C0-83E6-FB901B62C05D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{CF02864E-4BED-46F7-8D2E-D8213AEF856E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe 
FirewallRules: [TCP Query User{E1023DC0-3AFD-47A7-84E9-DD72F26E61B2}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe FirewallRules: [UDP Query User{58F5B2DB-4040-44A2-966E-364A4BD95025}C:\program files\java\jdk1.7.0_79\bin\java.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\java.exe FirewallRules: [{E9CEFDCF-A599-4E18-8FAE-BEE97E9BA261}] => (Allow) C:\Gry\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe FirewallRules: [{1B53C397-9D5A-49E0-9192-BC51BA0C9417}] => (Allow) C:\Gry\Steam\steamapps\common\Batman Arkham Knight\Binaries\Win64\BatmanAK.exe FirewallRules: [{91BEE79B-3AB9-4CA5-A8C4-343097C96961}] => (Allow) C:\Gry\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{E9DF7AD3-7AF8-4767-920A-D6DD0AA05F9A}] => (Allow) C:\Gry\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{4A1A57C8-B946-4197-85D0-6D76BA4C5BE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{56C67AF9-6BCB-46E9-A053-620D1B8DC630}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{67A5C446-07A4-4CC7-9700-18E81820F42C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{10AC49A2-6689-410B-9544-6278C81ADAD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FDC3D0DE-EB42-4B8D-92FD-BC3E411395E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{104644A2-DD7D-451F-A7A4-4A459841D6DE}C:\gry\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\gry\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [UDP Query User{94884539-3D39-4393-A1F4-ADAD60E26006}C:\gry\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\gry\steam\steamapps\common\terraria\terrariaserver.exe FirewallRules: [{BFC7DD6F-68AE-465E-82E7-BD766C11E0CC}] => (Allow) 
C:\Gry\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [{4AAC1897-2527-4465-8E1A-AF528009F932}] => (Allow) C:\Gry\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe FirewallRules: [TCP Query User{13958DF4-2AD2-4EF4-AE40-48808790E5A6}C:\gry\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\gry\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{94A61570-41D0-470F-AC05-627DFA60F466}C:\gry\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\gry\steam\steamapps\common\grand theft auto v\gta5.exe FirewallRules: [{4A8DE89F-23D2-4DD3-B686-E28345FAEC0F}] => (Allow) C:\Gry\Star Wars-The Old Republic\launcher.exe FirewallRules: [{10E5EAEF-F0E3-481D-BA94-37FE5932C956}] => (Allow) C:\Gry\Star Wars-The Old Republic\launcher.exe FirewallRules: [{5CBA1FA6-4B62-48AF-94D3-2350DC4EF2A2}] => (Allow) C:\Gry\Star Wars-The Old Republic\launcher.exe FirewallRules: [{A57E09A8-2683-428A-A460-2F71027DA8D1}] => (Allow) C:\Gry\Star Wars-The Old Republic\launcher.exe FirewallRules: [TCP Query User{47BA43AC-6A70-466D-8F10-6A491B4A62B4}C:\rtmpdump\rtmpsuck.exe] => (Allow) C:\rtmpdump\rtmpsuck.exe FirewallRules: [UDP Query User{203AC05B-4FD4-421E-8D57-13EE28895533}C:\rtmpdump\rtmpsuck.exe] => (Allow) C:\rtmpdump\rtmpsuck.exe FirewallRules: [TCP Query User{0580C2F4-0BC9-4B85-B39A-B049FE284CAD}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe FirewallRules: [UDP Query User{64095E76-2EFC-44C1-BDA7-86753F2A915F}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe FirewallRules: [TCP Query User{E115FF06-51F3-45ED-AE7D-62223E29F089}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe FirewallRules: [UDP Query User{CA4DBC16-3FA1-49A2-A857-A60B0736CD10}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files 
(x86)\airdroid\airdroid.exe FirewallRules: [{732D26FD-24DD-4334-A520-0DE11B23763B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0A9AC7B8-0E0B-417B-B7CD-5ECDA10B997C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3AFCED1A-BFE8-42CB-B0AF-E11427A6E392}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{5506FB7B-45E6-4E90-BBED-7579AB58573C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe FirewallRules: [{00E8B156-EFAA-4B26-BF17-9175EF5E3D31}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{2AB30374-7F73-44E8-B183-B6EB448C111C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe FirewallRules: [{D8E3F2B8-8C9F-4D1C-B6CA-60F4540A3671}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{EA50B7EE-0D6C-4E44-BDCF-7DF9435663A7}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe FirewallRules: [{B1D67CBA-A6BC-4F03-8BFA-A1BBBCD8575C}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{7A5CA07C-A27F-4871-928F-35900399B26A}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe FirewallRules: [{A6583DC0-7A8F-468A-A333-C82672655BFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C8686C06-54BE-436C-8E36-87E21ED164B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2CF0B3F7-D14D-452F-9C05-D65A8198AD1C}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3610BF81-1B53-4174-AFAA-8A879FB3B38C}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CE9AF5FE-3CEB-4F02-8528-1F7C254B05E8}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BF4C4166-3DDF-4C90-8413-09F1FE31B40B}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{93012FB1-C305-4807-B874-C016451F8D22}] 
=> (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{46D50E5F-4818-4B4F-A94A-F848313901E3}] => (Allow) C:\Users\Adrian\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{CBE41C5B-E541-4A49-9DC6-DAB340982FB9}C:\users\adrian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\adrian\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{A911DF71-2A36-47B4-AC69-DD2645F87FBD}C:\users\adrian\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\adrian\appdata\local\akamai\netsession_win.exe FirewallRules: [{C175C279-5111-4E0F-B52E-C5A68665587B}] => (Allow) C:\Users\Adrian\AppData\Local\Popcorn Time\node-webkit\popcorn time.exe FirewallRules: [{491E3337-EEDC-489A-9797-4E54FACD7978}] => (Allow) C:\Users\Adrian\AppData\Local\Popcorn Time\node-webkit\popcorn time.exe FirewallRules: [TCP Query User{2FED55E8-B826-4BBC-8BE8-4805FE39F1CC}C:\gry\hearthstone\hearthstone.exe] => (Allow) C:\gry\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{6FE44DEA-C70D-4FA5-9C90-B10C3BA2190B}C:\gry\hearthstone\hearthstone.exe] => (Allow) C:\gry\hearthstone\hearthstone.exe FirewallRules: [{2B2DA75A-DFAF-484D-BED7-77644DEC1CB0}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{D3F883C6-B4C0-427A-BE95-919F403AA193}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [TCP Query User{30F21AEF-683A-4E85-A273-77ABFC584F32}C:\users\adrian\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\adrian\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe FirewallRules: [UDP Query User{F5926A0D-DAA9-4ED4-8686-B8FC2CD18869}C:\users\adrian\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\adrian\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe FirewallRules: [{4460C1F0-D017-4F63-B9AA-B1A7EEBABAFB}] => (Allow) C:\Program Files\Oracle\VirtualBox\vboxheadless.exe FirewallRules: 
[{8FB4AC08-A5F9-496D-AC49-9ADA578525FB}] => (Allow) C:\Gry\Steam\steamapps\common\DDDA\DDDA.exe FirewallRules: [{7C9EAF58-7ED9-41D7-AE63-CBDFF2991E93}] => (Allow) C:\Gry\Steam\steamapps\common\DDDA\DDDA.exe FirewallRules: [TCP Query User{69E9618C-377C-4D5E-80D5-EF5912B88DD5}C:\gry\scrap mechanic v0.1.14\release\scrapmechanic.exe] => (Allow) C:\gry\scrap mechanic v0.1.14\release\scrapmechanic.exe FirewallRules: [UDP Query User{FC285F98-4FBA-4AF3-8CA8-FEC62055E6B5}C:\gry\scrap mechanic v0.1.14\release\scrapmechanic.exe] => (Allow) C:\gry\scrap mechanic v0.1.14\release\scrapmechanic.exe FirewallRules: [{787C8FD1-B342-4E25-ACC4-BDD1FC5CC059}] => (Allow) C:\Gry\Steam2\Steam.exe FirewallRules: [{A6F9C716-C8A0-472F-B9A5-74E74C21395F}] => (Allow) C:\Gry\Steam2\Steam.exe FirewallRules: [{AF179183-3410-408A-93FA-EFCF73121BAB}] => (Allow) C:\Gry\Steam2\bin\steamwebhelper.exe FirewallRules: [{87829F4E-734D-4125-9F80-494FD42F4EC5}] => (Allow) C:\Gry\Steam2\bin\steamwebhelper.exe FirewallRules: [{D66F6FC6-A967-424E-8436-5CB611C6DC47}] => (Allow) C:\Gry\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe FirewallRules: [{D27A32F9-2C64-4EFE-9F34-D82EE0D65156}] => (Allow) C:\Gry\Steam\steamapps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2016.exe FirewallRules: [TCP Query User{C95A2384-7483-4F82-8FCC-7EFA86D765A0}C:\rtmpdump\rtmpsrv.exe] => (Allow) C:\rtmpdump\rtmpsrv.exe FirewallRules: [UDP Query User{863C7193-120A-443E-AFF6-53C7BB75453E}C:\rtmpdump\rtmpsrv.exe] => (Allow) C:\rtmpdump\rtmpsrv.exe FirewallRules: [{C1C646FE-1493-46AC-B950-07732A355189}] => (Allow) C:\Gry\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{FFBED3F7-3870-4DD5-BD4F-F9CBAAFF9581}] => (Allow) C:\Gry\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [TCP Query User{708AB863-D518-4A55-9A52-DB7F6471D823}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP 
Query User{C3A03423-9619-4CE8-B8A1-1834E3C04966}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [{3FD27B42-199E-47E0-8F04-578B72857E4A}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{2A246845-F824-4B8E-851A-861D2DDA773D}] => (Allow) C:\Program Files\Nightly\firefox.exe FirewallRules: [{9A7DDA5A-A158-4777-8E83-D67B96E1FE66}] => (Allow) LPort=9 FirewallRules: [{13DCD618-657E-423F-8A46-CEDB86037E9C}] => (Allow) C:\Gry\Steam2\steamapps\common\Dying Light Demo\DyingLightDemo.exe FirewallRules: [{DAF25B23-C42D-4662-BBCD-17336F038473}] => (Allow) C:\Gry\Steam2\steamapps\common\Dying Light Demo\DyingLightDemo.exe FirewallRules: [{02FCD28B-BA18-4E66-B583-7A482DD9E18B}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{DEA0D554-39FB-4825-AE29-E9F074298374}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{8E0B8C10-6B3B-47B1-BEC3-AF5D54FADEFB}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe FirewallRules: [{7F631E76-8005-4FDC-A313-1F0F508C6F50}] => (Allow) C:\Gry\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{D58DDA4F-F252-499B-99E5-0A56BDB64547}] => (Allow) C:\Gry\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{B598EB61-9A74-4C93-8C20-ED04D6C9F9C9}] => (Allow) C:\Gry\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{D3066718-26C2-4F59-8B75-DE24F1890EBA}] => (Allow) C:\Gry\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{2601EFDB-B60E-4ECB-BE74-F8E72EE5F0E1}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{C06BA2FF-BFA6-4D78-8206-B7FD11B265CA}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{5DC4D5C2-13C8-4680-B2A3-EB331C60F610}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{FE04EAEC-A0E3-4A52-9A45-73DAAECF46BD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: 
[{FBD72FAC-B135-452C-9B95-519E52C9148A}] => (Allow) C:\Users\Adrian\AppData\Local\MiPhoneManager\main\MiPCSuite.exe FirewallRules: [{FC67E5C3-8FA1-4B52-B855-3AB0680E674D}] => (Allow) C:\Gry\Steam2\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{DD1CDF6E-1D11-4A91-BB20-05FCE9CC3C53}] => (Allow) C:\Gry\Steam2\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{0000583B-8B1B-4C81-AE74-C4AD469F450E}] => (Allow) C:\Gry\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{37BBC036-2D9E-4B34-A68E-FB3C112B2F7A}] => (Allow) C:\Gry\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{19C2E2E1-6DAB-4798-870E-7BF977721576}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{CC71E605-CDF0-4783-B0D4-59F56A127A46}] => (Allow) C:\Gry\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{B39B7C92-4D26-42C9-A06F-540733BFD8FF}] => (Allow) C:\Gry\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe FirewallRules: [{C72BF9FC-2884-4A5E-9541-9414C126D08A}] => (Allow) C:\Gry\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe FirewallRules: [{4A436293-FC69-42F0-B6B5-9664E02E9395}] => (Allow) C:\Gry\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe ==================== Restore Points ========================= 11-10-2016 15:43:15 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 11-10-2016 15:43:47 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 15-10-2016 18:26:18 Removed Aeria Ignite ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/15/2016 07:12:07 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Gry\Steam\bin\steamwebhelper.exe Error: (10/15/2016 07:11:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja 
licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/15/2016 07:11:47 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (10/15/2016 06:38:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/15/2016 06:38:27 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (10/15/2016 06:37:29 PM) (Source: Steam Client Service) (EventID: 1) (User: ) Description: Error: Failed to add firewall exception for C:\Gry\Steam\bin\steamwebhelper.exe Error: (10/15/2016 06:26:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Przetwarzanie wywołania OnIdentity() w obiekcie System Writer przez Usługi kryptograficzne nie powiodło się. 
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (10/15/2016 06:02:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (10/15/2016 06:02:14 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (10/15/2016 09:58:04 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Aktywacja licencji (slui.exe) nie powiodła się, kod błędu: hr=0xC004F074 Argumenty wiersza polecenia: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable System errors: ============= Error: (10/15/2016 07:12:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Windows Media Player Network Sharing Service zależy od usługi Windows Search, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (10/15/2016 07:10:17 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: Nastąpił ponowny rozruch komputera po operacji wykrywania błędów. 
Wyniki tej operacji były następujące: 0x00000109 (0xa3a01f5a3a88b88d, 0xb3b72be08d08b678, 0xfffff80197034080, 0x0000000000000002). Zrzut zapisano w: C:\Windows\MEMORY.DMP. Identyfikator raportu: 101516-19781-01. Error: (10/15/2016 07:10:11 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Poprzednie zamknięcie systemu przy 19:07:18 na ‎2016-‎10-‎15 było nieoczekiwane. Error: (10/15/2016 06:37:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Windows Media Player Network Sharing Service zależy od usługi Windows Search, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (10/15/2016 06:02:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Windows Media Player Network Sharing Service zależy od usługi Windows Search, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (10/15/2016 05:59:27 PM) (Source: DCOM) (EventID: 10010) (User: n0taku) Description: Serwer {9BA05972-F6A8-11CF-A442-00A0C90A8F39} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/15/2016 10:05:51 AM) (Source: DCOM) (EventID: 10010) (User: n0taku) Description: Serwer {1B1F472E-3221-4826-97DB-2C2324D389AE} nie zarejestrował się w modelu DCOM w wymaganym czasie. Error: (10/15/2016 10:05:21 AM) (Source: DCOM) (EventID: 10010) (User: n0taku) Description: Serwer {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} nie zarejestrował się w modelu DCOM w wymaganym czasie. 
Error: (10/15/2016 09:56:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Windows Media Player Network Sharing Service zależy od usługi Windows Search, której nie można uruchomić z powodu następującego błędu: Nie można uruchomić określonej usługi, ponieważ jest ona wyłączona lub ponieważ nie są włączone skojarzone z nią urządzenia. Error: (10/14/2016 07:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Nie można uruchomić usługi Steam Client Service z powodu następującego błędu: Usługa nie odpowiada na sygnał uruchomienia lub sygnał sterujący w oczekiwanym czasie. CodeIntegrity: =================================== Date: 2016-10-15 20:09:41.838 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-15 19:12:16.469 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-15 18:37:38.518 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-15 18:01:21.232 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-15 16:57:35.285 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-10-15 16:24:47.954 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-15 10:59:40.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-15 09:57:25.668 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-14 19:27:03.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-10-14 17:32:33.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz Percentage of memory in use: 43% Total physical RAM: 8143.84 MB Available physical RAM: 4571.37 MB Total Virtual: 13143.84 MB Available Virtual: 9426.54 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931 GB) (Free:320.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0CB8696F) Partition: GPT. ==================== End of Addition.txt ============================