Résultats de l'Analyse supplémentaire de Farbar Recovery Scan Tool (x64) Version: 17.03.2019 Exécuté par Alexandre (10-04-2019 11:34:45) Exécuté depuis C:\Users\Alexandre\Desktop Windows 8.1 (Update) (X64) (2014-01-08 10:42:05) Mode d'amorçage: Normal ========================================================== ==================== Comptes: ============================= Administrateur (S-1-5-21-3166757265-2865098428-1234438810-500 - Administrator - Disabled) Alexandre (S-1-5-21-3166757265-2865098428-1234438810-1001 - Administrator - Enabled) => C:\Users\Alexandre HomeGroupUser$ (S-1-5-21-3166757265-2865098428-1234438810-1003 - Limited - Enabled) Invité (S-1-5-21-3166757265-2865098428-1234438810-501 - Limited - Disabled) ==================== Centre de sécurité ======================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé.) AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB} AS: COMODO Advanced Protection (Enabled - Up to date) {255FE707-DEDA-33CA-1986-80AAD408CE05} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {A60587C6-B28F-3D1C-0869-12ED515CC3C3} ==================== Programmes installés ====================== (Seuls les logiciels publicitaires ('adware') avec la marque 'caché' ('Hidden') sont susceptibles d'être ajoutés au fichier fixlist.txt pour qu'ils ne soient plus masqués. Les programmes publicitaires devront être désinstallés manuellement.) Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.156 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{3F816385-2F20-EA30-DC74-4C011B5447C0}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Analyseur et SDK MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.7.2 - ASUSTek COMPUTER INC.) Hidden ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.5.7.2 - ASUSTek COMPUTER INC.) ASUS Product Register Program (HKLM-x32\...\{54716EA9-F8B4-41E0-801B-9909164F2024}) (Version: 1.1.001 - ASUSTek Computer Inc.) Avira (HKLM-x32\...\{33789076-9ec9-4866-b174-19596d6375c1}) (Version: 1.2.131.15242 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{9c4627af-2a2f-4e06-aa50-e0d70979e4b6}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG) Avira (HKLM-x32\...\{BE930E27-DF4B-44AF-8037-EB0A1D419787}) (Version: 1.2.132.16752 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.44.143 - Avira Operations GmbH & Co. KG) Backup and Sync from Google (HKLM\...\{693CADB0-962B-4AC1-A939-9524B258C997}) (Version: 3.43.2448.9071 - Google, Inc.) calibre 64bit (HKLM\...\{1266D026-FDCA-458F-8849-BF23EF0766D8}) (Version: 1.28.0 - Kovid Goyal) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.) Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft) COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 11.0.0.6744 - COMODO Security Solutions Inc.) ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CrystalDiskInfo 8.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 8.0.0 - Crystal Dew World) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Enregistrement utilisateur de Canon MG2500 series (HKLM-x32\...\Enregistrement utilisateur de Canon MG2500 series) (Version: - ‭Canon Inc.) Explor@ Park (HKLM-x32\...\VTechDownloadManager) (Version: - VTech) FM Genie Scout 18 version 1.1 18.3.3 (HKLM\...\FM Genie Scout 18_is1) (Version: 1.1 18.3.3 - ) FMRTE 18.3.3.25 (HKLM\...\{DDBB4759-2DD1-4003-91B0-219DEF70DF13}_is1) (Version: 18.3.3.25 - FMRTE) FMRTE 19.3.3.33 (HKLM\...\{3AA526E7-B7BB-409A-A6C3-157BDF1AB0E5}_is1) (Version: 19.3.3.33 - FMRTE) FMSE18 (HKLM\...\{3252E23D-DCE2-43C7-B08E-81340B3743FD}) (Version: 1.8.0.3 - AppCake Limited) Hidden FMSE18 (HKLM-x32\...\{19b549a8-41a7-4412-bb08-3887f61afe35}) (Version: 1.8.3.3 - AppCake Limited) FormatFactory 4.3.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.3.0.0 - Free Time) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.86 - Google Inc.) Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.3.447691.139 - Comodo) IP-TV Player 49.4 (HKLM-x32\...\IP-TV_Player) (Version: 49.4 - ADSL Club Co Ltd) Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation) Kodi (HKU\S-1-5-21-3166757265-2865098428-1234438810-1001\...\Kodi) (Version: - XBMC-Foundation) LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation) Lidl Photo (HKLM-x32\...\{5123B138-B424-4550-8068-027344B9F7FE}_is1) (Version: - Lidl FR) Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster) Logiciel d'archivage WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) MAGIX Speed burnR (MSI) (HKLM\...\{09466F30-D788-4C52-9270-2BC92D3B4804}) (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{09466F30-D788-4C52-9270-2BC92D3B4804}) (Version: 7.0.1.27 - MAGIX Software GmbH) MAGIX Vidéo deluxe 2016 Premium (HKLM\...\{40C8DA43-0282-4E80-B456-78F8119A0F15}) (Version: 15.0.0.90 - MAGIX Software GmbH) Hidden MAGIX Vidéo deluxe 2016 Premium (HKLM\...\MX.{40C8DA43-0282-4E80-B456-78F8119A0F15}) (Version: 15.0.0.90 - MAGIX Software GmbH) Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Language Pack 2007 - French/Français (HKLM-x32\...\OMUI.fr-fr) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 66.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 66.0.2 (x64 fr)) (Version: 66.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) Nano 1.1.1 (HKLM-x32\...\Nano) (Version: 1.1.1 - ) NVIDIA Pilote 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation) NVIDIA Pilote graphique 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation) Panneau de configuration NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden Photocite Collection 5.1 (HKLM-x32\...\Photocite Collection 5.1) (Version: 5.1.8 - CEWE Stiftung u Co. KGaA) Raptr (HKLM-x32\...\Raptr) (Version: - ) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - ) Screenpresso (HKU\S-1-5-21-3166757265-2865098428-1234438810-1001\...\Screenpresso) (Version: 1.7.5.0 - Learnpulse) Serveur Média (HKLM-x32\...\TwonkyMediaServeur Média) (Version: 6.0.30.0 - PacketVideo) Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3166757265-2865098428-1234438810-1001\...\Spotify) (Version: 1.0.43.123.g80176796 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Tennis Elbow 2013 1.0g (HKLM-x32\...\Tennis Elbow 2013) (Version: 1.0g - Mana Games) Univers photo Pixum (HKLM-x32\...\Univers photo Pixum) (Version: 6.0.5 - CEWE Stiftung u Co. KGaA) VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN) VTech Download Agent Library (HKLM-x32\...\{DB083AE1-3354-4AAD-BD44-5F2CC4B2ECE6}) (Version: 1.00.0000 - VTech) Hidden Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Winamax (HKU\S-1-5-21-3166757265-2865098428-1234438810-1001\...\Winamax 3.6.2) (Version: 3.6.2 - Winamax) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs) ==================== Personnalisé CLSID (Avec liste blanche): ========================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2015-12-17] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-12-07] (Google Inc -> Google) ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc. -> Tonec Inc.) ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-12-07] (Google Inc -> Google) ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-06-22] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2018-12-17] (Comodo Security Solutions, Inc. -> COMODO) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [2019-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal) ==================== Tâches planifiées (Avec liste blanche) ============= (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) Task: {02E14FE0-88DA-4D13-8794-CC810491C0B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {0B81FB41-3167-4E05-8B47-DE0ABA4F7EFD} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {26639069-AA34-43F5-B5BA-FDF240923FB7} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {3CD01B62-0B33-4FB2-AF71-AA61F1D87356} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {40B0E0FE-5A2E-4CDA-995E-E13FE4A0F8E0} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {464F091C-A232-4F30-8933-0946B6887485} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation) Task: {48CC5183-FFD4-4707-99D4-9781395AF28C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) Task: {6A207624-218F-42B8-8C40-E584BF09DD9E} - System32\Tasks\COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {75C46543-AEC2-428B-BA69-F8FDC769C199} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (ASUSTeK Computer Inc. -> ) [Fichier non signé] Task: {963C1974-D36E-41FF-9223-ECB066FD990A} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {AF1321E4-65CF-4816-B9B5-FFDCC09F74F5} - \CCleanerSkipUAC -> Pas de fichier <==== ATTENTION Task: {BD21FEAD-EA0E-45C1-BEF6-1883943CD44B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Comodo Security Solutions, Inc. -> COMODO) Task: {C3822BE5-8AE7-4061-B60A-C5B94BBB143C} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_156_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {C424D896-D42F-4715-AA52-C2A8355EC234} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) Task: {F4908218-8EA6-4AE9-BCC5-92C140395D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {FC663BB1-186B-419F-9F7B-9FE8282FEE5B} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (Comodo Security Solutions, Inc. -> COMODO) (Si un élément est inclus dans le fichier fixlist.txt, le fichier tâche (.job) sera déplacé. Le fichier exécuté par la tâche ne sera pas déplacé.) ==================== Raccourcis & WMI ======================== (Les éléments sont susceptibles d'être inscrits dans le fichier fixlist.txt afin d'être supprimés ou restaurés.) ==================== Modules chargés (Avec liste blanche) ============== 2018-02-16 17:40 - 2017-10-27 18:06 - 000874368 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll 2018-02-16 17:40 - 2017-10-27 18:06 - 000339256 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Fichier non signé] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll 2013-10-20 18:47 - 2013-10-20 18:47 - 002221568 _____ (IvoSoft) [Fichier non signé] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll 2015-06-22 22:34 - 2015-06-22 22:34 - 000004608 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiamfra.dll 2013-10-20 18:47 - 2013-10-20 18:47 - 000329216 _____ (IvoSoft) [Fichier non signé] C:\Windows\system32\StartMenuHelper64.dll 2013-10-20 18:47 - 2013-10-20 18:47 - 000152576 _____ (IvoSoft) [Fichier non signé] C:\Program Files\Classic Shell\ClassicStartMenu.exe 2019-02-14 13:17 - 2019-02-14 13:17 - 000020480 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM\e4447920f93e9b6882cdca38f614dbd9\MOM.ni.exe 2019-02-14 13:17 - 2019-02-14 13:17 - 000391680 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Implementation\cc1f02eb9438686346b5c1fe962989ec\MOM.Implementation.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000131584 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundation\56b1c3830f910ae97c5ba7faf401b1ee\LOG.Foundation.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000146432 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat5023f8e7#\733fca5b06c8991b4db0852fcf035c48\LOG.Foundation.Private.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000289792 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundat03490438#\56530b7a007fc637585cc973bedf5cd2\LOG.Foundation.Implementation.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000012800 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\MOM.Foundation\d2f7199ba566fa81b2395d75bfe79589\MOM.Foundation.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000085504 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\LOG.Foundatcaafa75b#\5397e438837b0f14863e16cf24902918\LOG.Foundation.Implementation.Private.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000199168 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC.Implementation\d96d260e9463a6b8100baff14399e5e8\CCC.Implementation.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000055296 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\NEWAEM.Foundation\0d265f192cc057b9c2c90a7cd3601132\NEWAEM.Foundation.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000017408 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CCC\8e2347fa4e75bbef76849516085f8c11\CCC.ni.exe 2019-02-14 13:14 - 2019-02-14 13:14 - 000295424 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundation\4e693340857ccd53b882036718f5535e\CLI.Foundation.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000060928 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat60cdf5df#\f10e13b6513b29cb8f7c653104e5edf4\CLI.Foundation.XManifest.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000228352 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6692ca50#\cfc9f2b406a6f02c4659170b47a7a292\CLI.Component.Runtime.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000149504 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone59f353b4#\8e14a0a8514de60ab3b66e7737e3f073\CLI.Component.Runtime.Shared.Private.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000089088 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat3d5d3945#\7d6282fd233fac329e3327ed31a145ad\CLI.Foundation.Private.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000013312 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone1b4a8c97#\d672e45c35297e83b18133ee3455d707\CLI.Component.Runtime.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000122368 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\ATICCCom\e2dbc4c94f4a43821515483991e772ed\ATICCCom.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000263168 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server\e7a3469d473d0853124f89077a07c3f9\AEM.Server.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000890368 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\ADL.Foundation\befd4e5f17dd355c35bfaa295fa758a9\ADL.Foundation.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000013824 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Server.Shared\5131d0f77a0db720683bd5e21986eb7b\AEM.Server.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000275456 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.5d945b6b#\0fd45ef3852190eb56168e3a04da9fcd\AEM.Plugin.Source.Kit.Server.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000090624 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundat619559bd#\3f05fc75c9d1e63d89adcaca8b21a359\CLI.Foundation.CoreAudioAPI.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000017408 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.2b6a6775#\e249a0babfe8566fe6d13a60833d4dfd\AEM.Plugin.Hotkeys.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000015360 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.674d2b8a#\cb99ed65bca3944bf099cf19756661db\AEM.Plugin.WinMessages.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000117248 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0601\d3e74857c3818a14e86f6103ee0d7163\DEM.Graphics.I0601.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000026112 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Foundation\10989caf4046f704acdda094bf370d29\DEM.Foundation.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000015872 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics\5af2570fb4f2eeb5d1f7b8a1abdbf63d\DEM.Graphics.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000036352 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I1010\a8a43edb324bfa7940bdfca74b11302f\DEM.Graphics.I1010.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 003182592 _____ (Advanced Mirco Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G962aa464#\038046165a36dc79ceb336dd29950b02\CLI.Caste.Graphics.Runtime.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 002783232 _____ (Advanced Mirco Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60a7b4d1#\d853ad384673da652279e3157d0bf669\CLI.Caste.Graphics.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000012800 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.GD.Shared\c1a72c41397101c1dcde7a0c63d2495f\AEM.Plugin.GD.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000022528 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Actions5dc83b46#\a3db5eb006b6683808588858ebc1ba66\AEM.Actions.CCAA.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000083456 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0709\10bcc2a89c57857811ec8b910534b3ac\DEM.Graphics.I0709.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000023552 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceManf163905a#\a92276ba9f7c2bdb077b21c57766a13e\ResourceManagement.Foundation.Private.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000018944 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\DEM.Graphics.I0804\e4c106a19634f76e392bcaceab4c0f6a\DEM.Graphics.I0804.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000046592 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ef3eaa4d#\bcb13d39a8ce7668379bab73ab7feb2e\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000038400 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.G60338cc0#\a60088ff6b5d9e72ea11f1b5916b0cdf\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000104448 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3a6f1658#\36d4cbd53ab997b2e287388d60bdfd17\CLI.Aspect.TransCode.Graphics.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000026112 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.37d3d968#\8cfaf6e016b2ff2bb5f93c046167c966\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000017920 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c854b457#\7538b80b99be28485f8b0896e90216c5\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000062976 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8350f5c6#\12f8f0efc9eeb9a3be0229affe4b9019\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000050176 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.f480a2f3#\da4246bf01c8c79cfb2924b17e9cb9fe\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 001144320 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\Localizatio01dbc1c0#\d9fc23b3b8c0be63f55f23560965f935\Localization.Foundation.Private.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000056320 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a6cd7fff#\87d65c565ed72d2988c355a2218a1c80\CLI.Aspect.FPS.Graphics.Runtime.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000037888 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.52c6dbaa#\281891d064dde835fa55e83d728b6501\CLI.Aspect.FPS.Graphics.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000304640 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F36b07a2b#\2da1e46746bcafc1f8645d0b5efc6253\CLI.Caste.Fuel.Runtime.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000044544 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.F24de14fe#\a87f3ac761f45c1552cc0cd6ce49912f\CLI.Caste.Fuel.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000037888 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\Fuel.Foundation\b053fc296947e4d5a210c131ab1f6dd4\Fuel.Foundation.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000043520 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pdb36d56e#\c5d6cf8b73568e184d538c0fac8fc53a\CLI.Caste.Platform.Runtime.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000030720 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pac40511b#\26404fc9c84e046c1a69bd923c87b79d\CLI.Caste.Platform.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000045056 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.382a3def#\779eda97cdcde5ae44600aeea837bb94\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000337408 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.c7aaa0f8#\b9734c4b59a784c229610c6f7c8a09cd\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000044544 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H18c99613#\0c07b7347151ba5b39fbfffdd5499708\CLI.Caste.HydraVision.Runtime.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000030720 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.H92ba4e46#\2dab931c8a999241d077c9364f0522c1\CLI.Caste.HydraVision.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000050688 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Runtime\9860fad629249299a2b17547c7ac331b\CLI.Caste.A4.Runtime.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000044544 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.A4.Shared\0df55319b235fe852911d6b88c87e773\CLI.Caste.A4.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000032256 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\A4.Foundation\f30046831477fbb46a3f3c046d02e631\A4.Foundation.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000250368 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Server\1fce83ac713ebd512b00e4ecc37784e2\APM.Server.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000056320 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\APM.Foundation\8ccabcee8c4a6f4416c21d5ef1b72662\APM.Foundation.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000017408 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componeb4d0485c#\2108c540feca4bfb0d6561d41ac23072\CLI.Component.Runtime.Extension.EEU.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000013312 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.88aba5d2#\426d891d2e4fcf11bc945e237a104669\AEM.Plugin.REG.Shared.ni.dll 2019-02-14 13:14 - 2019-02-14 13:14 - 000013312 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\AEM.Plugin.0a1309f7#\39c9bc7bef28b118dbdc85fa9a1c33c2\AEM.Plugin.EEU.Shared.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000910336 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone6bf88b08#\fc6a62027f73f688b60aa1092e1debb5\CLI.Component.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000133632 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone168638d1#\4ceee0ab742a555e797ac2ed514366e0\CLI.Component.Client.Shared.Private.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000019968 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef1fd67b2#\b7d6fcfc3d6127a98fc75ddf5c63b0f1\CLI.Component.Client.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000086016 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componef4cf054f#\69b76ebf5ce7457210156a3afac4224c\CLI.Component.Dashboard.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 001605632 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Componec89c3bec#\061956d0ad70da83b7171f81be3c1163\CLI.Component.Dashboard.Shared.Private.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000882176 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone26c9c557#\b4742110b3c0d2d4ef2f37f012f8ec6b\CLI.Component.Systemtray.ni.dll 2019-02-14 13:17 - 2019-02-14 13:17 - 000242688 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\ResourceMan446ca0e5#\d2fbf7c4495adade14c6e858e7ebc274\ResourceManagement.Foundation.Implementation.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000259584 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.73911eb5#\344c580ac309cd9dec0ae33a52883c56\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000355840 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.7ec2db45#\0074a6a371906bc5b40a0c66918c70d9\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000451584 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.acb9d930#\14c39484b291bfabfa9db2bd85aab4dc\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000124928 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.3399d0ec#\1c8859b42dd9d80ed6ce32f46da914d1\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000574976 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gee7d2dbc#\b665d2e4b958f6c267afe29b4df40cb9\CLI.Caste.Graphics.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 001537536 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Gd9d9b43b#\2faf96d01a9ea390c2b3d048a4f45835\CLI.Caste.Graphics.Dashboard.Shared.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000090112 _____ (Advanced Mirco Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.ec8786e5#\3f97b439ecdb5b46b381b4053c9fb970\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000270848 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.e8635fc7#\227840bd35eaa1772869e6f87b5e06bd\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 007985152 _____ (Advanced Micro Devices, Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Combine0616f305#\ca511c35d5670c3714ff79c9df0fb5cf\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000446464 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.8e996306#\52dbbb272eb41b94939ce9c48e346f1e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000066560 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.b0a7c1fb#\e7b7a69e6fdf0a20b758287a0c6ea63f\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000073728 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.4bbb0755#\3d663d48b7839ab55ee02f27207bf995\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000081408 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.a765109e#\6c5c425b537a7aacff24392fc4688492\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 000087552 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Aspect.9cd1e9e7#\1f1294a7ecab9c7d4e128a5b945907b7\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000027648 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Ff3085433#\16a3b37fd4dcc3cf98730827e248d4ea\CLI.Caste.Fuel.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000024064 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Pfeefa2b6#\7a6963cf2f9e920c3585194a802e8f19\CLI.Caste.Platform.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000025600 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Hbb906c0b#\c130a37035c279bd05e4a8310a9b84b1\CLI.Caste.HydraVision.Dashboard.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000027648 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Caste.Af820fedc#\f28c98d991a9705ad521907a337fbd17\CLI.Caste.A4.Dashboard.ni.dll 2019-02-14 13:15 - 2019-02-14 13:15 - 001051136 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Foundatd3771151#\78a900e3442b1669700cc56ef082c3ed\CLI.Foundation.Client.ni.dll 2019-02-14 13:16 - 2019-02-14 13:16 - 000168960 _____ (Advanced Micro Devices Inc.) [Fichier non signé] C:\Windows\assembly\NativeImages_v4.0.30319_64\CLI.Compone29e547cc#\465d095190ec64ce9d9f91db2dc08ebf\CLI.Component.Dashboard.ProfileManager2.ni.dll 2016-02-24 10:56 - 2014-05-06 05:59 - 004048896 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Core.dll 2016-02-24 10:56 - 2014-05-06 06:02 - 004113408 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Gui.dll 2016-02-24 10:56 - 2014-05-06 12:31 - 000192000 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5WebKitWidgets.dll 2016-02-24 10:56 - 2014-05-06 07:37 - 004359680 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Widgets.dll 2016-02-24 10:56 - 2014-05-06 06:00 - 000159232 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Xml.dll 2016-02-24 10:56 - 2014-06-05 11:45 - 000932864 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Network.dll 2016-02-24 10:56 - 2014-06-06 11:07 - 001178112 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\LIBEAY32.dll 2016-02-24 10:56 - 2015-12-14 08:05 - 000120832 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll 2016-02-24 10:56 - 2014-04-22 04:14 - 000065536 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\QHttpServer.dll 2016-02-24 10:56 - 2016-01-08 10:07 - 000172032 _____ (VTech) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\DAVTMassStorageLib.dll 2016-02-24 10:56 - 2013-05-23 22:26 - 001392640 _____ (The ICU Project) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\icuin51.dll 2016-02-24 10:56 - 2013-05-23 22:23 - 001056256 _____ (The ICU Project) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\icuuc51.dll 2016-02-24 10:56 - 2014-05-06 08:22 - 000081920 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5MultimediaWidgets.dll 2016-02-24 10:56 - 2014-05-06 07:37 - 000285696 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5OpenGL.dll 2016-02-24 10:56 - 2014-05-06 07:38 - 000231936 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5PrintSupport.dll 2016-02-24 10:56 - 2014-05-06 12:30 - 016913408 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5WebKit.dll 2016-02-24 10:56 - 2014-05-06 08:21 - 000545792 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Multimedia.dll 2016-02-24 10:56 - 2014-05-06 08:31 - 000143872 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Sensors.dll 2016-02-24 10:56 - 2013-05-23 22:32 - 022324736 _____ (The ICU Project) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\icudt51.dll 2016-02-24 10:56 - 2014-05-06 08:12 - 002121216 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Quick.dll 2016-02-24 10:56 - 2014-05-06 08:08 - 002441216 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Qml.dll 2016-02-24 10:56 - 2014-05-06 06:00 - 000151040 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Sql.dll 2016-02-24 10:56 - 2014-05-06 08:30 - 000144896 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Positioning.dll 2016-02-24 10:56 - 2014-05-06 07:39 - 000861184 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\platforms\qwindows.dll 2016-02-24 10:56 - 2014-05-06 07:38 - 000021504 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qgif.dll 2016-02-24 10:56 - 2014-05-06 07:38 - 000020992 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qico.dll 2016-02-24 10:56 - 2014-05-06 07:38 - 000204800 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qjpeg.dll 2016-02-24 10:56 - 2014-05-06 12:44 - 000218112 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qmng.dll 2016-02-24 10:56 - 2014-05-06 07:58 - 000015872 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qsvg.dll 2016-02-24 10:56 - 2014-05-06 07:58 - 000199680 _____ (Digia Plc and/or its subsidiary(-ies)) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\Qt5Svg.dll 2016-02-24 10:56 - 2014-05-06 12:44 - 000015360 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtga.dll 2016-02-24 10:56 - 2014-05-06 12:44 - 000307712 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qtiff.dll 2016-02-24 10:56 - 2014-05-06 12:44 - 000014848 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\imageformats\qwbmp.dll 2016-02-24 10:56 - 2014-05-06 08:31 - 000015872 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\sensors\qtsensors_dummy.dll 2016-02-24 10:56 - 2014-05-06 07:38 - 000036352 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qgenericbearer.dll 2016-02-24 10:56 - 2014-05-06 07:38 - 000038912 _____ () [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\plugins\bearer\qnativewifibearer.dll 2016-02-24 10:56 - 2014-06-06 11:08 - 000270848 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Fichier non signé] C:\Program Files (x86)\VTech\DownloadManager\System\ssleay32.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 003084800 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 004571648 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 000438272 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 005139968 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 002950144 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 002234880 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 005010944 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll 2019-02-21 00:48 - 2019-03-23 19:08 - 001181184 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll 2019-02-21 00:48 - 2019-03-23 19:08 - 000124928 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000026112 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000020992 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll 2018-07-19 20:08 - 2019-03-23 19:08 - 000259584 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000014848 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000729088 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000073216 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000179712 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000014848 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000014848 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll 2019-03-23 19:08 - 2019-03-23 19:08 - 000101888 _____ (The Qt Company Ltd.) [Fichier non signé] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll 2014-09-01 23:40 - 2014-09-01 23:40 - 000097280 _____ (Microsoft Corporation) [Fichier non signé] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL ==================== Alternate Data Streams (Avec liste blanche) ========= (Si un élément est inclus dans le fichier fixlist.txt, seul le flux de données additionnel (ADS - Alternate Data Stream) sera supprimé.) AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\hh.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\regedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\twain_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\winhlp32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\write.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acledit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\acproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ActionQueue.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\activeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adhapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adsnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\advpack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aecache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AepRoam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\aitagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\alg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AltTab.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Apphlpdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppReadiness.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appsruprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppxApplicabilityEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppxSip.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppxStreamingDataSourcePS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AppxSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ARP.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\at.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AtBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\atlthunk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\attrib.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioEndpointBuilder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\auditcse.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\authfwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthFWGP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthFWWizFwk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AuthHostProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AutoWorkplaceN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\avicap32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\avifil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\avrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AxInstSv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AxInstUI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\AzSqlExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\backgroundTaskHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BackgroundTransferHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdboot.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcdsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BCP47Langs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bdaplgin.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BdeHdCfgLib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bderepair.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bdesvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bdeui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BdeUISrv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bdeunlock.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bidispl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BioCredProv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BitLockerDeviceEncryption.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BitLockerWizardElev.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsperf.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bitsprx2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsprx3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsprx4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsprx5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsprx6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bitsprx7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\blb_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootim.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BootMenuUX.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootsect.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bootux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\brdgcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bridgeunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BrokerLib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthHFSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\bthpanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthpanContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthRadioMedia.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BthSQM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\btpanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BulkOperationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\BWContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ByteCodeGenerator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cabview.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cacls.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\calc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CallButtons.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CallButtons.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CameraSettingsUIHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\capisp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\catsrvps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certCredProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnrollCtrl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cfmifs.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cfmifsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chartv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chcp.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CheckNetIsolation.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chkdsk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chkntfs.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\chkwudrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\choice.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CIRCoInst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clbcatq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cleanmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cliconfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cliconfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clip.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CloudNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmcfg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmd.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cmdext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmdkey.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cmdl32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmlua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmpbk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmstplua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNC_BXC.dll:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNC_BXI.dll:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNC_BXL.dll:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\cngcredui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CNHI12A.DLL:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNHL12A.DLL:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNHMCA6.dll:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNHMCAN.DLL:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNHW12A.DLL:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\CNMLMBX.DLL:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\cofire.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cofiredm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\colbact.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\colorcpl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\colorui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comcat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\compact.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompMgmtLauncher.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CompPkgSup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ComputerDefaults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comrepl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ConnectedAccountState.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ConsentUX.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\console.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\control.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\correngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CredentialMigrationHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CredentialUIBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\credwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptcatsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CryptoWinRT.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\crypttpmeksvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptuiwizard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cryptxml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\CSystemEventsBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ctfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cttune.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\cttunesvr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d8thk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dab.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dabapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DAConn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafBth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DafPrintProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafupnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafWCN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dafWfdProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DAMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DaOtpCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\das.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dasHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\datusage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\davhlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbnetlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dbnmpntw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dccw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dcomcnfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDACLSys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddodiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DDOIProxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DDORes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ddraw.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\ddrawex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DefaultDeviceManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DefaultPrinterProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Defrag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defragproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\defragsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\desk.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deskadp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deskmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevDispItemProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceDisplayStatusManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceDriverRetrievalClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceElementSource.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\DeviceMetadataRetrievalClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceProperties.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\deviceregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceSetupManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceSetupManagerAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DeviceUxRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DevPropMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\devrtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfdts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DFDWiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DfpCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dfscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DfsShlEx.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dhcpcmonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DiagCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dialer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\difxapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsjob.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dinput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dinput8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\discan.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskcomp.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskcopy.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskcopy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dispci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dispdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DisplaySwitch.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\djoin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dllhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dllhst3g.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmdlgs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmdskmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmintf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DMRServer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnscacheugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dnshc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dot3Conn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3mm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\drprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DsmUserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsquery.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\duser.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\dvdplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dwmredir.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxgwdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DXP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Dxpserver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\dxva2.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Eap3Host.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapprovp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EAPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eapsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\easconsent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EaseOfAccessDialog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\easinvoker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\easinvoker.proxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\easwrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efsadu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efslsaext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efsui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorAuthn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ELSCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\elshyph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\elslad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\elsTrans.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\energy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\energyprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\energytask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eqossnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esentprf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\EventAggregation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eventcls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eventcreate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\eventvwr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\expand.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FdDevQuery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdPHost.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\fdPnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FDResPub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdWNet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhautoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhcat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhcleanup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhengine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhevents.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhlisten.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhmanagew.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhshl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhsrchapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhsrchph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhsvcctl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fhtask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FileAppxStreamingDataSource.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\find.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\finger.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Firewall.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fltLib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fltMC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Fondue.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\fontview.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\format.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\framedynos.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fsavailux.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fthsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fvecerts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fvecpl.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\fvenotify.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveskybackup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fveui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fvewiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOMPOSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSCOVER.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSMON.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSROUTE.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\FXSST.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSSVC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXST30.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSTIFF.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSUNATD.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\FXSUTILITY.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gacinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\GeofenceMonitorService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\getuname.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\glmf32.dll:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpprnext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Groupinghc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\help.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HelpPaneProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hgprint.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hnetmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hotplug.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hotspotauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\httpprxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\httpprxp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hwrcomp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\hwrreg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ias.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icacls.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IconCodecService.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\icsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\icsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IdListen.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\igdDiag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\immersivetpmvscmgrsvr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipnathlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\irclass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\irftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\irmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\irprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsicli.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsicpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsicpl.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsied.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiexe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iscsiwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iuilp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\java.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\javaw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\javaws.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\joy.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KBDAZST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KdsCli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kd_02_8086.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\keepaliveprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernel.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kernelceip.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\keyiso.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\keymgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\klist.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\KMSVC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ktmutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ktmw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\l2gpstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\L2SecHC.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\l3codeca.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\l3codecp.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\label.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LangCleanupSysprepAction.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LAPRXY.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LaunchTM.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\linkinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ListSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\livessp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\LldpNotify.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lltdapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lltdsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lmhsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\loadperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\localui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LocationNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Locator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LockScreenContent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LockScreenContentHost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LockScreenContentServer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\loghours.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\LogonUI.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpkinstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpksetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpksetupproxyserv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lpremove.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MaintenanceUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\manage-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MbaeParserTask.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MbaeXmlParser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mbussdapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mcicda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciqtz32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mciwave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\McxDriv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MDEServer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MDMAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mdminst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MdRes.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MdSched.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MemoryDiagnostic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfAACEnc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfcsubs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfdvdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfh264enc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfmjpegdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mibincodec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MicrosoftAccountTokenProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\migflt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\miguiresource.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mimofcodec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MirrorDrvCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\miutils.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mlang.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmcss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mode.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\montr_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\more.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mountvol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mpnotify.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprdim.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mprext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mprmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MRINFO.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MrmIndexer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msaatext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msacm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msauserext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscat32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msched.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSchedExe.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctfime.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msctfuimanager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdadiag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdart.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdelta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdri.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtckrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdtclog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msg711.acm:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msgsm32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsiCofire.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msidcrl40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msident.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msidle.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiltcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msimg32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msiwer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mskeyprotcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mskeyprotect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msls31.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msoeacct.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msoert2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mspatcha.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mspatchc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msports.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrahc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrdc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mssha.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mssign32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\mssip32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MsSpellCheckingHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msTextPrediction.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvcirt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSWB7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSWB70011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSWB7001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MSWB70404.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\MSWB70804.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtstocom.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mtxex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MUILanguageCleanup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MuiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\MultiDigiMon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NapiNSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\napipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NAPMONTR.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NAPSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nbtstat.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcaSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncbservice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncobjapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncpa.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ncuprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nddeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndfetw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndfhcdiscovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndiscapCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndishc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NdisImPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ndproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nduprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\negoexts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\net.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbios.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetEvtFwdr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Netplwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netprofm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netprofmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netprovisionsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetSetupApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netsh.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NETSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nettrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NetworkStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data0011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data0404.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NL7Data0804.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlahc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nlmsprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0002.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0003.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0007.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData000f.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0010.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0018.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData001a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData001b.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData001d.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NlsData0020.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0021.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0022.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0024.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0026.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0027.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NlsData002a.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\NlsData0039.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData003e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0045.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0046.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0047.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0049.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004b.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData004e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0414.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0416.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0816.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData081a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsData0c1a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Nlsdl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nltest.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\normaliz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\npmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nrpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nshipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nsisvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntdsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntlanui2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcad32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcbcp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbcconf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OEMLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ogldrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleacchooks.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\oledlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\openfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\opengl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OptionalFeatures.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osbaseln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\OskSupport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\osuninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\p2pnetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\panmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PATHPING.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pautoenr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcacli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PCPKsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcsvDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcwrun.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pcwutl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PickerHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PING.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\plasrv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\playlistfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlaySndSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PlayToStatusProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ploptin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnpclean.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnppolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnpts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PNPXAssocPrx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnrpauto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Pnrphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pnrpnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceWiaCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pots.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercfg.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\print.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintDialogHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printfilterpipelineprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintIsolationHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PrintIsolationProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\procinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\profsvcext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityServicePal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ProximityUxHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PSModuleDiscoveryProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\psmsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\psr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\PurchaseWindowsLicense.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pwlauncher.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pwlauncher.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\pwrshplugin.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\pwsso.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\QUTIL.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\qwave.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasauto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rascustom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasman.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\rasmbmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RASMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasphone.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdbui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcfgex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpinput.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RdpSa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RdpSaProxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RdpSaPs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RdpSaUacHelper.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdrleakdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RDSAppXHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RDSPnf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rdvvmtransport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReAgentTask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recimg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recover.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\recovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RecoveryDrive.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RegCtrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regedt32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regidle.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\regini.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Register-CimProvider.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\regsvr32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RelPost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\remotesp.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RemoveDeviceContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RemoveDeviceElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\repair-bde.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\replace.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\reseteng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\resmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RestoreOptIn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rgb9rast.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RMapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RmClient.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rmttpmvscmgrsvr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rnr20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RoamingSecurity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RotMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ROUTE.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcEpMap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcNs4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rpcnsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcPing.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RpcRtRemote.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RstrtMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rtm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\runas.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\rundll32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RunLegacyCPLElevated.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\RuntimeBroker.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sbeio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sccls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ScDeviceEnum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scripto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\scrnsave.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdchange.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdclt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdhcinst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdiageng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdiagnhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdiagprv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdiagschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SecEdit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Sens.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\SensApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SensorsClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sensrsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\serialui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\serwvdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sessionmsg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SetNetworkLocation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SetProxyCredential.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setspn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SettingSyncPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\setx.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sfc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sfc_os.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sharemediacpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shpafact.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shrpubw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shutdown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\signdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sigverif.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SimAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SimCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SkyDrive.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SkyDriveShell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SkyDriveTelemetry.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SlideToShutDown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\slpts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmartCardSimulator.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmartScreenSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SmsDeviceAccessRevocation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SMSRouter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\snmpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SNTSearch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\softpub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sort.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SortServer2003Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SortWindows61.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SortWindows6Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SoundRecorder.exe:$CmdTcID [32] AlternateDataStreams: C:\Windows\system32\SpaceAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SpaceControl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spfileq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SPInf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spmpm.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\spnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sppnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlcecompact40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlceoledb40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlceqp40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlcese40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srrstr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SrTasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srumapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srumsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\srwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sscoreext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ssdpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ssdpsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SSShim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sstpsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Startupscan.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\stclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sti.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StikyNot.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sti_ci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\storagewmi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\storewuauth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\streamci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SubscriptionMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\subst.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\svchost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\svsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxshared.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxsstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sxstrace.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncHostps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncInfrastructure.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SyncInfrastructureps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Syncreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysdm.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syskey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\sysntfy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SysResetErr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\syssetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemEventsBrokerServer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systeminfo.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesAdvanced.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesComputerName.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesHardware.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesPerformance.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesProtection.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemPropertiesRemote.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systemreset.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemSettings.Handlers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemSettingsDatabase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\SystemSettingsRemoveDevice.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\systray.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Tabbtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabbtnEx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tabcal.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TabletPC.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapi3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapilua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TapiMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapiperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TapiSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TapiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskbarcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskhostex.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskkill.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tasklist.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TaskSchdPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcmsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TcpipSetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpmib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tcpmonui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TCPSVCS.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\telephon.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TetheringIeProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TetheringMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TetheringStation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\themeservice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\threadpoolwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ThumbnailExtractionHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TimeBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TimeBrokerServer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TimeDateMUICallback.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\timeout.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TimeSyncTask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tpmcompc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TpmInit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tpmvscmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tpmvscmgrsvr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TRACERT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\traffic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tree.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\trkwks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSChannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TtlsAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TtlsCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\TtlsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tvratings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twinapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\txflog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\txfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ucmhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\udhisapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UI0Detect.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uicom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uireng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umdmxfrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpoext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\umpowmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unattend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uniplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\unregmp2.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ureg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usbceip.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usbmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usbperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usbui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserAccountBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserAccountControlSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\userinitext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserLanguageProfileCallback.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UserLanguagesCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ustprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VAN.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VaultCmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VaultRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vaultsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsldr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vdsvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vds_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\verclsid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\verifier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\verifier.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vidcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\virtdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VmApplicationHealthMonitorProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmbuspipe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VmdCoinstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vmictimeprovider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\vmrdvcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnike.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\VscMgrPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vssadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\w32topl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WABSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\waitfor.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WallpaperHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WavDest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbengine.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wbiosrvc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wcmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wcmcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wcmsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WcnEapAuthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WcnEapPeerProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WcsPlugInService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdiasqmmodule.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wecsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wecutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wephostsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werconcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wercplsupport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WfHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WFS.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\where.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\whhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaacmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiarpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiashext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WiFiDisplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winbici.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Sensors.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\windows.immersiveshell.serviceprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Renewal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Networking.Vpn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Storage.Compression.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.HardwareId.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.System.RemoteDesktop.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\windowslivelogin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winethc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinFax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wininitext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Winlangdb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winlogonext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winmmbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinMsoIrmProtector.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winnsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinOpcIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrs.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrscmd.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\winrshost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winrssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winshfhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsockhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WINSRPC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSyncMetastore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WinSyncProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\winver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\witnesswmiv2provider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkspbroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkspbrokerAx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wkssvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlandlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanext.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WLanHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WlanRadioManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlansvcpal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidcredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidfdp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlidsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wlrmdr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WlS0WndH.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmcodecdspps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdmlog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdmps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmiclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmicmiplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmidcom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmidx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmiprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WmpDui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wmsgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wmvdspa.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WofTasks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WofUtil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\workerdd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFolders.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFoldersGPExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WorkFoldersShell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wowreg32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpcMon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpcWebSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpncore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpninprc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnprv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wpnsruprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\write.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2help.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSCollect.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSDPrintProxy.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\WSDScanProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wship6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshnetbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshqos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSHTCPIP.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\wsock32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wsqmcons.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSReset.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSShared.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WUDFx02000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WWanAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanconn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WWanHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Wwanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\WwanRadioManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XAudio2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xcopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XInput1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XInput9_1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xmlprovi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xolehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\XPSSHHDR.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xpssvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xwizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xwizards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xwreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xwtpdui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\xwtpw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\accessibilitycpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\acledit.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\aclui.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\acppage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\activeds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsldp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsldpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adsnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\advpack.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\amstream.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apds.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Apphlpdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apprepapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\apprepsync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\appwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AppxApplicabilityEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AppXDeploymentClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AppxPackaging.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AppxSip.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ARP.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\asycfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\at.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AtBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\atlthunk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\attrib.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\audiodev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuthBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuthExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\authfwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuthFWGP.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\AuthFWSnapin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AuthFWWizFwk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\autoplay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\avicap32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\avifil32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\avrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\azroles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\azroleui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\AzSqlExt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\backgroundTaskHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BackgroundTransferHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\batmeter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BCP47Langs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bdaplgin.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bidispl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BioCredProv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsprx2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsprx3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsprx4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsprx5.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsprx6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bitsprx7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\biwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BluetoothApis.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bootcfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\browseui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bthprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\bthudtask.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\btpanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Bubbles.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\BWContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ByteCodeGenerator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cabinet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cabview.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\cacls.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\calc.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CallButtons.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CameraSettingsUIHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\capisp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\catsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\catsrvps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certca.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certCredProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertEnroll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollCtrl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertEnrollUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CertPolEng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\certreq.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfgbkend.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfgmgr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cfmifsproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chartv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chcp.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CheckNetIsolation.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chkdsk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\chkntfs.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\choice.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CHxReadingStringIME.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cipher.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clbcatq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cleanmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clip.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CloudNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CloudStorageWizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmcfg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmdext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmdial32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmdkey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmdl32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmifw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmlua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmmon32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmpbk32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmstp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmstplua.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cngcredui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\colbact.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\COLORCNV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\colorcpl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\colorui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comcat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\compact.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CompPkgSup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ComputerDefaults.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comrepl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\comuid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\connect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ConnectedAccountState.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\console.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\control.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\convert.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CPFilters.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CredentialMigrationHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CredentialUIBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\credwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\CryptoWinRT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\crypttpmeksvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptuiwizard.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cryptxml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cscdll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ctfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cttune.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\cttunesvr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\C_ISCII.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10core.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d10_1core.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d11.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d8thk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3d9.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dim700.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dramp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\d3dxof.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dabapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DafPrintProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\DaOtpCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dataclen.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\davhlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbgeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbghelp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbnetlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dbnmpntw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dccw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dcomcnfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DDACLSys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ddodiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DDOIProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DDORes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ddraw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ddrawex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DefaultDeviceManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DefaultPrinterProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\desk.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\deskadp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\deskmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevDispItemProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devenum.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\deviceaccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DeviceCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevicePairing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DevicePairingWizard.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\DeviceProperties.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DeviceUxRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\devrtl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfrgui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dfscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DfsShlEx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcmonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DHCPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dialer.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\difxapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dimsjob.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dinput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dinput8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskcomp.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskcopy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskpart.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\diskraid.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dispex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DisplaySwitch.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dllhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dllhst3g.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dlnashext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmband.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmcompos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmdlgs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmdskmgr.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dmime.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmintf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmloader.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmocx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmscript.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmstyle.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmsynth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmusic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmvdsitf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dmview.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\docprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\doskey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3api.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3cfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3dlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3gpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3gpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3hc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3msm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dot3ui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpapimig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DpiScaling.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\driverquery.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drtprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drttransport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drvinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\drvstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsauth.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dsdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dskquota.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dskquoui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsound.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsquery.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\dsrole.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dssec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dssenh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Dsui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dsuiext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dswave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dtsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dui70.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\duser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dvdplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dvdupgrd.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DWWIN.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxdiagn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxgi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\DxpTaskSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\dxva2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eapp3hst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eappcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eappgnui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eapphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eappprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eapprovp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EAPQEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EaseOfAccessDialog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\easwrt.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\efsadu.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\efscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\efsui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\efsutil.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\efswrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EhStorAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EhStorAuthn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EhStorPwdMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\els.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ELSCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\elshyph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\elslad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\elsTrans.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\EncDec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eqossnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\es.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\esentprf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\esentutl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eudcedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eventcls.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\eventcreate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\eventvwr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ExFolderView.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\expand.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\extrac32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdBth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdBthProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FdDevQuery.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fde.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdeploy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdPnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdprint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdSSDP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fdWNet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fdWSD.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\feclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\filemgmt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\find.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\findstr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\finger.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FirewallControlPanel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fixmapi.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fltLib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fltMC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fmifs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Fondue.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fontext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\fontview.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\forfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\format.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fphc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\framedyn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\framedynos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\frprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fsutilext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ftp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fundisc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\fwcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FXSAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FXSCOM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FXSCOMEX.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\FXSEXT32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\FXSXP32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\g711codc.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gcdef.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\getmac.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\getuname.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\glmf32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\globinputhost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\glu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\gpedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpprnext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\gpresult.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gptext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\gpupdate.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\grpconv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hbaapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hdwwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\help.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\HelpPaneProxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hh.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hhsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hidphone.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hidserv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hnetcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\hnetmon.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\HOSTNAME.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\httpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\htui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ias.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasads.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iashlpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IasMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iaspolcy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasrad.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iasrecst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iassam.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iassdo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iassvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icacls.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iccvid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icmui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IconCodecService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icsigd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\icsunattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IdCtrls.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\idndl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IDStore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ifmon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ifsutilx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imaadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imagehlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imapi2fs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\imm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\inetmib1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InfDefaultInstall.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\input.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\InputSwitch.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\intl.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipconfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iprtprio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ipsecsnp.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ipsmsnap.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ir32_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir41_32.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir41_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir41_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir50_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir50_qc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ir50_qcx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\irclass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\irprops.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicli.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsicpl.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsidsc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsied.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iscsiwmiv2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\isoburn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\iyuv_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\joy.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDAZE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\KBDAZEL.DLL:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\KBDAZST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kbdgeoqw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kernel.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\keyiso.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\keymgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\korwbrkr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksproxy.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\kstvtune.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksuser.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Kswdmcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ksxbar.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ktmutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ktmw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l2gpstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l2nacp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\L2SecHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l3codeca.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\l3codecp.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\label.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LAPRXY.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LaunchTM.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\linkinfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\loadperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\localsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LocationApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\LocationNotifications.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logagent.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\loghours.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\logoncli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\lsmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\luainstall.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Magnification.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Magnify.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\main.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\makecab.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mapistub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MbaeApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MbaeApiPublic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mbsmsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mbussdapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mcbuilder.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciavi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mcicda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciqtz32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciseq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mciwave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mdminst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mdmregistration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfAACEnc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfasfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc42.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfc42u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFCaptureEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfcsubs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mfdvdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfh264enc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFMediaEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfmjpegdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfmpeg2srcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFPlay.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfreadwrite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mftranscode.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mfvdsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mibincodec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\midimap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\miguiresource.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mimefilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mimofcodec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MirrorDrvCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\miutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mlang.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmcico.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\MMDevAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mmsys.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mobsync.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mode.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\modemui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\more.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mountvol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP3DMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP43DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MP4SDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mpeg2Data.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mpg2splt.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MPG4DECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mpr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprddm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprdim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mprmsg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MRINFO.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MrmCoreR.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MrmIndexer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaatext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSAC3ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msacm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msacm32.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msadp32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSAudDecMFT.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscandui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscat32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscms.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mscpxl32.dLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfime.ime:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsCtfMonitor.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msctfuimanager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdadiag.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdart.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdelta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdmo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msdt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSDvbNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msg711.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msgsm32.acm:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msidcrl40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msident.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msidle.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiltcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimg32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msimtf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msiwer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mskeyprotect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msls31.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2adec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSMPEG2ENC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSNP.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msoeacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msoert2.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mspaint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mspatcha.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mspatchc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msports.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msra.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrdc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msrle32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msscript.ocx:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssha.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msshooks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssign32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssip32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssitlb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MsSpellCheckingHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mssprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mstask.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msutb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcirt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcp60.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvcrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvidc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSVideoDSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msvproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB7.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB70011.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB7001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB70404.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MSWB70804.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mswmdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\msyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtstocom.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxclu.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\mtxdm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mtxlegih.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\muifontsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\MuiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mycomput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\mydocs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Mystify.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\napdsnap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NapiNSP.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\napipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPMONTR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NAPSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Narrator.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NaturalLanguage6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NcaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NcdProp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nci.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncobjapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncpa.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ncryptsslp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nddeapi.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\ndfapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndfetw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndfhcdiscovery.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndiscapCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndishc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ndproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\negoexts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\net.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\net1.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbios.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netbtugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netdiagfx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netjoin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netplwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Netplwiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netprofm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netprovisionsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netsh.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NETSTAT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\netutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkexplorer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\networkitemfactory.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\newdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\newdev.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ninput.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0011.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data001E.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0404.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NL7Data0804.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlhtml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlmgp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlmproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nlmsprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0000.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0002.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0003.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0007.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData000f.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0010.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0018.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData001a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData001b.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData001d.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0020.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0021.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0022.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0024.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0026.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0027.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData002a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0039.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData003e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0045.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0046.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0047.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0049.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData004a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData004b.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData004c.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData004e.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0414.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0416.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0816.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData081a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsData0c1a.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Nlsdl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\NlsLexicons0009.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\normaliz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\npmproxy.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\nshhttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nshipsec.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\nsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\nslookup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntasn1.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntdsapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntlanman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntlanui2.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntmarta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ocsetapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbc32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcad32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcbcp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcconf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccp32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbccu32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcji32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbcjt32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odbctrac.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oddbse32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odexl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odfox32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odpdx32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\odtext32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OEMLicense.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\offfilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\offreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ogldrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleacc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleacchooks.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olecli32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oledlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\oleprn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olesvr32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\olethk32.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\OnDemandConnRouteHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\onex.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\onexui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OobeFldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OpcServices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\openfiles.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\opengl32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OpenWith.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\osbaseln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\OskSupport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\osuninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\P2PGraph.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\p2pnetsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PackageStateRoaming.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\panmap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PATHPING.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pautoenr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pcacli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pcaui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pcaui.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PCPKsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pdhui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfnet.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\perfts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PhotoScreensaver.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PickerHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pid.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PING.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PkgMgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pla.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\playlistfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PlaySndSrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PlayToDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PlayToManager.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PlayToStatusProvider.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\pnrpnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceClassExtension.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceConnectApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceStatus.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWiaCompat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PortableDeviceWMDRM.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\pots.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercfg.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercfg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powercpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\powrprof.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\print.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PrintConfig.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PrintDialogs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\printui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prncache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prnfldr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prntvpt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\profapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\profext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\propsys.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\proquota.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\provcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\provsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\provthrd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ProximityCommonPal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ProximityRtapiPal.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\prvdmofcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psisdecd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psisrndr.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\psr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pstorec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\pwrshplugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QAGENT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qasf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QCLIPROV.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qdv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qmgrprxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QSHVHOST.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QSVRMGMT.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Query.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\QUTIL.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\qwave.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RacEngn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\racpldlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\radardt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\radarrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RADCUI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasadhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasautou.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\raschap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\raschapext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasctrs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasdial.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasdlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\raserver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasgcw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasman.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasmontr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasphone.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasplap.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rasppp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rastlsext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpencom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdpendp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RdpSa.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\RdpSaProxy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RdpSaPs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RdpSaUacHelper.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdrleakdiag.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rdvvmtransport.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReAgentc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\recover.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\reg.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RegCtrl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regedit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regedt32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regini.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Register-CimProvider.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\regsvr32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ReInfo.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rekeywiz.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\remotepg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\remotesp.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RemoveDeviceElevated.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\replace.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\resmon.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RestoreOptIn.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\resutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rgb9rast.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Ribbons.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\riched20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\riched32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RmClient.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rnr20.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Robocopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ROUTE.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RpcNs4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rpcnsh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RpcPing.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RpcRtRemote.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rshx32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RstrtMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rtffilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rtm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rtutils.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RTWorkQ.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\runas.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\rundll32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\RunLegacyCPLElevated.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\runonce.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sas.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sbe.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sbeio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scansetting.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SCardDlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scecli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schedcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\schtasks.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scripto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\scrnsave.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdchange.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdiageng.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\sdiagnhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdiagprv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sdohlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SearchFolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SecEdit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sendmail.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SensApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SensorsApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SensorsCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SER9PL.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\serialui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\serwvdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sethc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupcln.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setupugc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\setx.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sfc.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sfc_os.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shacct.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shfolder.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shgina.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shimgvw.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shlwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shpafact.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shrpubw.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsetup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shsvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shunimpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shutdown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\shwebsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\signdrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SimAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SimCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sisbkup.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SkyDriveShell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\slpts.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SmartScreenSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SMBHelperClass.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SndVol.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SndVolSSO.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\snmpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\softkbd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\softpub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sort.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SortServer2003Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SortWindows61.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SortWindows6Compat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spbcd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spfileq.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SPInf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spnet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\spopk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwinsat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwizeng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlcecompact40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlceoledb40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlceqp40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlcese40.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqlsrv32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sqmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srchadmin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SRH.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srumapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srumsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\srvcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ssdpapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SSShim.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ssText3d.scr:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Startupscan.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\stclient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sti.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StorageContextHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Storprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\subst.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sud.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\svchost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxshared.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxsstore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sxstrace.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncCenter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncHostps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructure.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SyncInfrastructureps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Syncreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\syncui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\sysdm.cpl:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\syskey.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\syssetup.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\systemcpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemEventsBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\systeminfo.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesComputerName.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesHardware.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesPerformance.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesProtection.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\SystemPropertiesRemote.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\systray.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\takeown.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tapi3.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TapiMigPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tapiperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tapisrv.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\TapiSysprep.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TapiUnattend.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskcomp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskeng.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskkill.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tasklist.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Taskmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\taskschd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TaskSchdPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcmsetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcpipcfg.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\tcpmib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tcpmonui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TCPSVCS.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\telephon.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\termmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\threadpoolwinrt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\thumbcache.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ThumbnailExtractionHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TimeBrokerClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TimeDateMUICallback.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\timeout.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tlscsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tpmcompc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TpmInit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TRACERT.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\traffic.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tree.com:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsbyuv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSChannel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSTheme.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TtlsAuth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TtlsCfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\TtlsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tvratings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twinapi.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twinapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\twinui.appcore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\txflog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\txfw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\tzutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ucmhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\udhisapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAnimation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIAutomationCore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\uicom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\uireng.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIRibbon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UIRibbonRes.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\umdmxfrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unimdm.tsp:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unimdmat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\uniplat.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unlodctr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\unregmp2.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\upnp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\upnpcont.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\upnphost.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ureg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usbceip.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usbperf.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usbui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UserAccountBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UserAccountControlSettings.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userenv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userinit.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\userinitext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\UserLanguageProfileCallback.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\UserLanguagesCpl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ustprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\utildll.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Utilman.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\uxlib.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VAN.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\Vault.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vaultcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VBICodec.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vbisurf.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vdmdbg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vds_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\verclsid.exe:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\verifier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\verifier.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\version.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\vfwwdm32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vidcap.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VIDRESZR.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\virtdisk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vpnikeapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\VscMgrPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vssadmin.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vssapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vsstrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\vss_ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\w32tm.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\w32topl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WABSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\waitfor.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wavemsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wbemcomn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wcmapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wcnwiz.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WcsPlugInService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdmaud.drv:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wdscore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebcamUi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Websocket.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wecapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wecutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\werui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wevtfwd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wevtutil.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wfapigp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WfHC.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\where.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\whhelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\whoami.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiaacmgr.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiaaut.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiadefui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiadss.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiascanprofiles.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wiashext.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wiatrace.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winbio.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winbrand.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Background.TimeBroker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Background.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Enumeration.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Portable.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Printers.Extensions.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Scanners.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Sensors.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.Usb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Globalization.Fontgroups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Graphics.Printing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Management.Workplace.WorkplaceSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Devices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.MediaControl.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.SpeechSynthesis.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.HostName.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Proximity.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.CredentialPicker.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Storage.Compression.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Display.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.HardwareId.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.Profile.SystemManufacturers.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.System.RemoteDesktop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Windows.Web.Http.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecsExt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\windowslivelogin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinFax.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wininitext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Winlangdb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmde.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\winmm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winmmbase.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinMsoIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winnsi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinOpcIrmProtector.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrnr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrs.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrscmd.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrshost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winrssrv.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinRtTracing.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSATAPI.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winshfhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsku.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsockhc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WINSRPC.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSyncMetastore.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WinSyncProviders.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winusb.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\winver.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WISPTIS.EXE:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wkscli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wkspbrokerAx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlancfg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WLanConn.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlandlg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanext.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlangpui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlaninst.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WlanMM.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanpref.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlanui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlgpclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidcli.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidcredprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidfdp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidnsp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wlidprov.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WlS0WndH.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMADMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmcodecdspps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdmlog.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdmps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmdev.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmnet.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmiclnt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmidcom.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmidx.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmiprop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMNetMgr.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPDMC.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WmpDui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpdxm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpeffects.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmpshell.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmsgapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVCORE.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVDECOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wmvdspa.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVENCOD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSDECD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVSENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WMVXENCD.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wowreg32.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpcsvc.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDShextAutoplay.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDShServiceObj.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WPDSp.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wpnapps.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\write.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2help.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscinterop.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscisvif.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscproxystub.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wscui.cpl:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsecedit.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshbth.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshcon.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshelper.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshext.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wship6.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshirda.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshqos.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wshrm.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSHTCPIP.DLL:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wsock32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSShared.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSSync.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WSTPager.ax:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wtsapi32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\wusa.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WwaApi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\WWanAPI.dll:$CmdTcID [130] AlternateDataStreams: C:\Windows\SysWOW64\wwapi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_8.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xcopy.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XInput1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XInput9_1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmlfilter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xmlprovi.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsFilt.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsGdiConverter.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsPrint.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XpsRasterService.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpsservices.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\XPSSHHDR.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xpssvcs.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwizard.exe:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwizards.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwreg.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwtpdui.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\SysWOW64\xwtpw32.dll:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\agilevpn.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ahcache.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\bthhfenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\cmimcext.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\drmkaud.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dumpfve.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\dumpsd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\fsdepends.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\i8042prt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mouclass.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mouhid.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\mslldp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\mup.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndiscap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\NdisImPlatform.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\Ndu.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\parport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\qwavedrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rasacd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rasl2tp.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\rootmdm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sdbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\serenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\serial.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\sermouse.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\spaceport.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\swenum.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tbs.sys:$CmdTcID [130] AlternateDataStreams: C:\Windows\system32\Drivers\tpm.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\tunnel.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbcir.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\USBHUB3.SYS:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vhdmp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmbkmcl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmbus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vmstorfl.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volmgr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwifibus.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwififlt.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\vwifimp.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WdBoot.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WdFilter.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WdNisDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wimmount.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winhv.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\wpcfltr.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64] AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64] ==================== Mode sans échec (Avec liste blanche) =================== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le "AlternateShell" sera restauré.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Avec liste blanche) =============== (Si un élément est inclus dans le fichier fixlist.txt, l'élément de Registre sera restauré à la valeur par défaut ou supprimé.) ==================== Internet Explorer sites de confiance/sensibles =============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre.) ==================== Hosts contenu: =============================== (Si nécessaire, la commande Hosts: peut être incluse dans le fichier fixlist.txt afin de réinitialiser le fichier hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Autres zones ============================ (Actuellement, il n'y a pas de correction automatique pour cette section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files (x86)\AMD\ATI.ACE\Core-Static HKU\S-1-5-21-3166757265-2865098428-1234438810-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexandre\Pictures\pink-beach-1761410_960_720.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Le Pare-feu est activé. ==================== MSCONFIG/TASK MANAGER éléments désactivés == Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé. ==================== RèglesPare-feu (Avec liste blanche) =============== (Si un élément est inclus dans le fichier fixlist.txt, il sera supprimé du Registre. Le fichier ne sera pas déplacé, sauf s'il est inscrit séparément.) FirewallRules: [{C77D49C4-A570-46F2-B49C-2F0FCF304EE3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{A3F1CA77-F85A-4680-94A9-65E273916D6D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{186052BE-7444-4F06-9E95-228B147A11AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8BEC5A99-A089-4875-9847-4D457AF7DC23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{E2356AE8-688A-4F58-A76E-C6A408A683E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe () [Fichier non signé] FirewallRules: [{A841A5AD-9A39-48AE-9D3E-6B4BABC1ED70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Cities_Skylines\Cities.exe () [Fichier non signé] FirewallRules: [TCP Query User{117A7896-7CDB-4336-90AC-0BEDC586DC81}C:\program files (x86)\sports interactive\football manager 2015\fm.exe] => (Allow) C:\program files (x86)\sports interactive\football manager 2015\fm.exe Pas de fichier FirewallRules: [UDP Query User{84DEF0CB-A29B-4AC6-9AB7-35518AE0F526}C:\program files (x86)\sports interactive\football manager 2015\fm.exe] => (Allow) C:\program files (x86)\sports interactive\football manager 2015\fm.exe Pas de fichier FirewallRules: [{E4F9FE67-49F7-4DC1-85E5-B9BB88527AAA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe Pas de fichier FirewallRules: [{5577B753-20CA-4B86-84EC-7353D730F82E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe Pas de fichier FirewallRules: [{38E4590E-2687-4E64-8C47-F583E17E517A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{8657D320-8B16-47B9-9D7B-B159DA91E7E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7146BF4C-0E69-4399-AF2B-CA477870380A}] => (Allow) C:\Program Files (x86)\Serveur Media\twonkymediaserver.exe (PacketVideo Corporation -> ) FirewallRules: [{904101EF-4B53-4814-B21E-C21EB5EE7D13}] => (Allow) C:\Program Files (x86)\Serveur Media\twonkymediaserver.exe (PacketVideo Corporation -> ) FirewallRules: [{F83CC468-589E-4D50-A1A2-1C7D8DB66BCE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tennis Elbow 2013\TennisElbow.exe (Emmanuel Rivoire -> Mana Games) FirewallRules: [{A193FD4A-9F8B-4069-A226-29A257EE5C35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tennis Elbow 2013\TennisElbow.exe (Emmanuel Rivoire -> Mana Games) FirewallRules: [{52D4E374-3737-4557-B8EF-B7DA488DC5DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tennis Elbow 2013\Config.exe (Emmanuel Rivoire -> Mana Games) FirewallRules: [{C50FA730-1378-47CB-A20F-6495A8907018}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tennis Elbow 2013\Config.exe (Emmanuel Rivoire -> Mana Games) FirewallRules: [{BFDF6149-D477-4039-AC73-AF1A20D388D7}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2016 Premium\Videodeluxe.exe (MAGIX Software GmbH) [Fichier non signé] FirewallRules: [{E14275E4-4551-4F5B-9AF5-A9BB353BD822}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe () [Fichier non signé] FirewallRules: [{3EBF645C-5E63-4CDA-9EA3-6E8448B25392}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe () [Fichier non signé] FirewallRules: [TCP Query User{38984DE3-10BF-4711-9DC0-EC1415812D68}C:\users\alexandre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexandre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{02B55739-EB9C-49F5-9F40-0FBF8AD12E83}C:\users\alexandre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\alexandre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{6696F1FE-1816-4465-A542-0C3443FDB5E4}C:\users\alexandre\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alexandre\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{45773B2B-27C9-4A20-B6F7-6E6D8E61B09E}C:\users\alexandre\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\alexandre\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F65E10B2-0839-4A01-9B66-D1E99AC34780}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{122E4166-32E2-46A7-AC55-E63E00EA7EAF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{A9D4025A-7202-4DF4-BCAE-083D2554F10A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2017 Editor\editor.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{79C92843-7B8B-4FB4-8EA4-726BF0D285FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2017 Editor\editor.exe (Sports Interactive) [Fichier non signé] FirewallRules: [TCP Query User{78DC3791-7647-4101-9FE4-D25C5130A796}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [Fichier non signé] FirewallRules: [UDP Query User{246BA6F2-A388-4798-A1FB-F59EC7121107}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [Fichier non signé] FirewallRules: [TCP Query User{2EC551B6-EA5C-4807-8FF6-C32E626DAF53}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{1192574A-822A-4C5A-A9ED-C40F7665E854}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{2438E5D7-5D77-4ED4-A1E8-0D7997AE8FEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager Touch 2018\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{62EE7CA7-155C-4AED-BDCA-1E19E8C666B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager Touch 2018\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{C71BC3F5-C57E-4F07-A10E-871AA3F36746}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{ADE4F111-CF5D-4ED1-8D52-3F201EE7A318}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2018\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{FFDD8163-180C-49B3-B49A-60F765AD0865}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) FirewallRules: [{BA766BB5-E56E-4616-9F4B-A610C6174FFA}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd. -> Free Time Co., Ltd.) FirewallRules: [TCP Query User{AA5274D8-D936-48C1-8555-24131E13FC3C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [UDP Query User{53601F68-1D22-4A5A-9772-B3DAC7C0838B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{D1CDE58A-5C05-4F60-94BF-2726EDB96CC3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2019 Touch\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{B0056266-1D51-4A70-8324-3E81C20C0C66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2019 Touch\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{0904ACC0-9D42-469F-88AF-E71C1FF1A590}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2019\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{DB4D48B8-A569-45FF-99D8-B02CEF76010F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2019\fm.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{D2DD2D74-F484-4E4F-B754-9071319C755D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2019 Editor\editor.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{1C804CA0-B33E-4C5C-BF33-2F89672A170B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Football Manager 2019 Editor\editor.exe (Sports Interactive) [Fichier non signé] FirewallRules: [{0E4D1571-6694-4B8C-ACBE-099FD7A067C6}] => (Allow) C:\Program Files (x86)\IP-TV Player\IpTvPlayer.exe (ADSL Club Co Ltd -> ADSL Club Co Ltd) FirewallRules: [{355C143D-D232-4D38-8C17-856C1065F1E3}] => (Allow) C:\Program Files (x86)\IP-TV Player\IpTvPlayer.exe (ADSL Club Co Ltd -> ADSL Club Co Ltd) FirewallRules: [{3814F632-18E3-47F3-A2B5-7BFBE42E5403}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) FirewallRules: [{25269E61-A6EA-45FB-B4C4-9097010E71D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) FirewallRules: [{DF4B8C9B-A87E-4576-9B8F-A37E4E395FDF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) FirewallRules: [{D23B9EF7-EFC4-4ACD-900D-CB5B25CC008F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) FirewallRules: [{0B50C918-8EE1-4334-8586-D1F9883BD04F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software) ==================== Points de restauration ========================= 04-04-2019 18:38:56 Point de contrôle planifié ==================== Éléments en erreur du Gestionnaire de périphériques ============= ==================== Erreurs du Journal des événements: ========================= Erreurs Application: ================== Error: (04/10/2019 12:58:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante avguard.exe, version : 15.0.44.16, horodatage : 0x5bec4138 Nom du module défaillant : ucrtbase.DLL, version : 10.0.14393.2247, horodatage : 0x5adc1a6f Code d’exception : 0xc0000409 Décalage d’erreur : 0x000891eb ID du processus défaillant : 0xae0 Heure de début de l’application défaillante : 0x01d4eeb8dc91c5a3 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\ucrtbase.DLL ID de rapport : f731b632-5b1a-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (04/09/2019 06:43:21 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme LiveComm.exe version 17.5.9600.22013 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1ec8 Heure de début : 01d4eef27c5dd88a Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe ID de rapport : 796cde0f-5ae6-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/09/2019 02:18:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nom de l’application défaillante adwcleaner_7.0.8.0.exe, version : 7.0.8.0, horodatage : 0x5a7cb095 Nom du module défaillant : adwcleaner_7.0.8.0.exe, version : 7.0.8.0, horodatage : 0x5a7cb095 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0004c7aa ID du processus défaillant : 0x191c Heure de début de l’application défaillante : 0x01d4eece5bfebf1c Chemin d’accès de l’application défaillante : C:\Users\Alexandre\Desktop\adwcleaner_7.0.8.0.exe Chemin d’accès du module défaillant: C:\Users\Alexandre\Desktop\adwcleaner_7.0.8.0.exe ID de rapport : 9f95406c-5ac1-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error: (04/09/2019 02:13:44 PM) (Source: Perflib) (EventID: 1015) (User: ) Description: La fonction de collecte des données de performance « PerfProc » dans la bibliothèque « C:\Windows\System32\perfproc.dll » ne s’est pas exécutée dans le délai imparti. Il y a peut-être un problème sur ce compteur extensible, le service duquel le compteur recueille les données, ou le système était peut-être très occupé lorsque l’appel a été tenté. Error: (04/09/2019 01:34:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme LiveComm.exe version 17.5.9600.22013 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : ea4 Heure de début : 01d4eec779f2d7df Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\LiveComm.exe ID de rapport : 6d96dc0e-5abb-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/09/2019 01:34:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme backgroundTaskHost.exe version 6.3.9600.17415 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1b50 Heure de début : 01d4eec779f262b1 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\system32\backgroundTaskHost.exe ID de rapport : 6d9ea45a-5abb-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : CANALGroupe.CANALTOUCH_2.2.8.0_x64__4d0jsvmsaqz2m ID de l’application relative au package défaillant : App Error: (04/09/2019 01:19:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme backgroundTaskHost.exe version 6.3.9600.17415 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 488 Heure de début : 01d4eec5617fb75a Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\system32\backgroundTaskHost.exe ID de rapport : 57b14d98-5ab9-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : CANALGroupe.CANALTOUCH_2.2.8.0_x64__4d0jsvmsaqz2m ID de l’application relative au package défaillant : App Error: (04/09/2019 01:04:47 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme backgroundTaskHost.exe version 6.3.9600.17415 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 1b64 Heure de début : 01d4eec3490f7d10 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Windows\system32\backgroundTaskHost.exe ID de rapport : 3dac8ac7-5ab7-11e9-84f7-90e6bac835e7 Nom complet du package défaillant : CANALGroupe.CANALTOUCH_2.2.8.0_x64__4d0jsvmsaqz2m ID de l’application relative au package défaillant : App Erreurs système: ============= Error: (04/10/2019 10:48:09 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:09 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:09 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:09 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:08 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:08 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:08 AM) (Source: DCOM) (EventID: 10016) (User: PC-BLADE) Description: Les paramètres d’autorisation propres à l’application n’accordent pas l’autorisation Local Exécution pour l’application serveur COM avec le CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} et l’APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} au SID PC-Blade\Alexandre de l’utilisateur (S-1-5-21-3166757265-2865098428-1234438810-1001) depuis l’adresse LocalHost (avec LRPC) s’exécutant dans le SID Non disponible du conteneur d’applications (Non disponible). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants. Error: (04/10/2019 10:48:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Le service Avira Protection Web dépend du service Avira Protection temps réel qui n’a pas pu démarrer en raison de l’erreur : Après démarrage, le service s’est arrêté dans un état d’attente. CodeIntegrity: =================================== Date: 2019-04-10 10:48:14.771 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-10 10:40:04.804 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-10 10:08:49.153 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-09 11:44:44.127 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\guard32.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-09 00:00:06.661 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-08 00:14:49.895 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-07 13:58:28.740 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2019-04-07 00:53:34.228 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdcsr.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Infos Mémoire =========================== Processeur: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Pourcentage de mémoire utilisée: 45% Mémoire physique - RAM - totale: 8183.05 MB Mémoire physique - RAM - disponible: 4429.06 MB Mémoire virtuelle totale: 14071.05 MB Mémoire virtuelle disponible: 9317.06 MB ==================== Lecteurs ================================ Drive c: () (Fixed) (Total:234.03 GB) (Free:38.27 GB) NTFS Drive d: (FSX Disk 2) (CDROM) (Total:4.05 GB) (Free:0 GB) UDF Drive e: (Nouveau nom) (Fixed) (Total:231.38 GB) (Free:182.36 GB) NTFS Drive i: (KINGSTON) (Removable) (Total:57.73 GB) (Free:49.67 GB) FAT32 Drive l: (Nouveau nom) (Fixed) (Total:1863.01 GB) (Free:200.4 GB) NTFS \\?\Volume{b45b2f0e-784f-11e3-824b-806e6f6e6963}\ (Réservé au système) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS ==================== MBR & Table des partitions ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 726B7F1E) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=234 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=231.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 89B3460A) Partition 1: (Not Active) - (Size=1863 GB) - (Type=42) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 57.8 GB) (Disk ID: D2474296) Partition 1: (Active) - (Size=57.7 GB) - (Type=0C) ==================== Fin de Addition.txt ============================