Analysis
- max time kernel: 144s
- max time network: 641s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-04-2024 12:21
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
-
Sets file to hidden 1 TTPs 64 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | agent_launcher.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | agent_launcher.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | agent_launcher.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | agent_launcher.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | agent_launcher.exe
-
Executes dropped EXE 20 IoCs
Processes:
pid | process
5508 | agent_launcher.exe
5696 | agent_launcher.exe
5800 | bddeploy.exe
5820 | bddeploy.exe
5952 | setuppackage.exe
6068 | agent_launcher.exe
6076 | setuppackage.exe
5164 | bddeploy.exe
6056 | setuppackage.exe
6404 | agent_launcher.exe
6512 | agent_launcher.exe
6756 | installer.exe
6732 | installer.exe
6896 | installer.exe
6928 | bddeploy.exe
6920 | bddeploy.exe
7052 | setuppackage.exe
7076 | setuppackage.exe
6012 | installer.exe
1392 | installer.exe
-
Loads dropped DLL 17 IoCs
Processes:
pid | process
6732 | installer.exe
6756 | installer.exe
6896 | installer.exe
6756 | installer.exe
6732 | installer.exe
6896 | installer.exe
6756 | installer.exe
6732 | installer.exe
6896 | installer.exe
6012 | installer.exe
6012 | installer.exe
1392 | installer.exe
6012 | installer.exe
1392 | installer.exe
1392 | installer.exe
1392 | installer.exe
1392 | installer.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
Processes:
flow | ioc
619 | raw.githubusercontent.com
617 | raw.githubusercontent.com
618 | raw.githubusercontent.com
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
Processes:
pid | pid_target | process | target process
9188 | 8592 | WerFault.exe | notepad.exe
13900 | 13724 | WerFault.exe | notepad.exe
16248 | 15764
18608 | 8884
-
Modifies registry class 1 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{AA7F2615-47BD-42A7-A0A4-17EDAB39076C} | msedge.exe
-
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | agent_launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | agent_launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | agent_launcher.exe
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 6732 | installer.exe
Token: SeDebugPrivilege | 6896 | installer.exe
Token: SeDebugPrivilege | 6756 | installer.exe
Token: SeDebugPrivilege | 6012 | installer.exe
Token: SeDebugPrivilege | 1392 | installer.exe
-
Suspicious use of WriteProcessMemory 60 IoCs
Processes:
description | pid | process | target process
PID 5168 wrote to memory of 5508 | 5168 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5168 wrote to memory of 5508 | 5168 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5168 wrote to memory of 5508 | 5168 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5532 wrote to memory of 5696 | 5532 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5532 wrote to memory of 5696 | 5532 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5532 wrote to memory of 5696 | 5532 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5508 wrote to memory of 5800 | 5508 | agent_launcher.exe | bddeploy.exe
PID 5508 wrote to memory of 5800 | 5508 | agent_launcher.exe | bddeploy.exe
PID 5508 wrote to memory of 5800 | 5508 | agent_launcher.exe | bddeploy.exe
PID 5696 wrote to memory of 5820 | 5696 | agent_launcher.exe | bddeploy.exe
PID 5696 wrote to memory of 5820 | 5696 | agent_launcher.exe | bddeploy.exe
PID 5696 wrote to memory of 5820 | 5696 | agent_launcher.exe | bddeploy.exe
PID 5820 wrote to memory of 5952 | 5820 | bddeploy.exe | setuppackage.exe
PID 5820 wrote to memory of 5952 | 5820 | bddeploy.exe | setuppackage.exe
PID 5820 wrote to memory of 5952 | 5820 | bddeploy.exe | setuppackage.exe
PID 5828 wrote to memory of 6068 | 5828 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5828 wrote to memory of 6068 | 5828 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5828 wrote to memory of 6068 | 5828 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5800 wrote to memory of 6076 | 5800 | bddeploy.exe | setuppackage.exe
PID 5800 wrote to memory of 6076 | 5800 | bddeploy.exe | setuppackage.exe
PID 5800 wrote to memory of 6076 | 5800 | bddeploy.exe | setuppackage.exe
PID 6068 wrote to memory of 5164 | 6068 | agent_launcher.exe | bddeploy.exe
PID 6068 wrote to memory of 5164 | 6068 | agent_launcher.exe | bddeploy.exe
PID 6068 wrote to memory of 5164 | 6068 | agent_launcher.exe | bddeploy.exe
PID 5164 wrote to memory of 6056 | 5164 | bddeploy.exe | setuppackage.exe
PID 5164 wrote to memory of 6056 | 5164 | bddeploy.exe | setuppackage.exe
PID 5164 wrote to memory of 6056 | 5164 | bddeploy.exe | setuppackage.exe
PID 1252 wrote to memory of 6404 | 1252 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 1252 wrote to memory of 6404 | 1252 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 1252 wrote to memory of 6404 | 1252 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5124 wrote to memory of 6512 | 5124 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5124 wrote to memory of 6512 | 5124 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5124 wrote to memory of 6512 | 5124 | bitdefender_tsecurity.exe | agent_launcher.exe
PID 5820 wrote to memory of 6756 | 5820 | bddeploy.exe | installer.exe
PID 5820 wrote to memory of 6756 | 5820 | bddeploy.exe | installer.exe
PID 5820 wrote to memory of 6756 | 5820 | bddeploy.exe | installer.exe
PID 5800 wrote to memory of 6732 | 5800 | bddeploy.exe | installer.exe
PID 5800 wrote to memory of 6732 | 5800 | bddeploy.exe | installer.exe
PID 5800 wrote to memory of 6732 | 5800 | bddeploy.exe | installer.exe
PID 5164 wrote to memory of 6896 | 5164 | bddeploy.exe | installer.exe
PID 5164 wrote to memory of 6896 | 5164 | bddeploy.exe | installer.exe
PID 5164 wrote to memory of 6896 | 5164 | bddeploy.exe | installer.exe
PID 6512 wrote to memory of 6920 | 6512 | agent_launcher.exe | bddeploy.exe
PID 6512 wrote to memory of 6920 | 6512 | agent_launcher.exe | bddeploy.exe
PID 6512 wrote to memory of 6920 | 6512 | agent_launcher.exe | bddeploy.exe
PID 6404 wrote to memory of 6928 | 6404 | agent_launcher.exe | bddeploy.exe
PID 6404 wrote to memory of 6928 | 6404 | agent_launcher.exe | bddeploy.exe
PID 6404 wrote to memory of 6928 | 6404 | agent_launcher.exe | bddeploy.exe
PID 6920 wrote to memory of 7052 | 6920 | bddeploy.exe | setuppackage.exe
PID 6920 wrote to memory of 7052 | 6920 | bddeploy.exe | setuppackage.exe
PID 6920 wrote to memory of 7052 | 6920 | bddeploy.exe | setuppackage.exe
PID 6928 wrote to memory of 7076 | 6928 | bddeploy.exe | setuppackage.exe
PID 6928 wrote to memory of 7076 | 6928 | bddeploy.exe | setuppackage.exe
PID 6928 wrote to memory of 7076 | 6928 | bddeploy.exe | setuppackage.exe
PID 6928 wrote to memory of 6012 | 6928 | bddeploy.exe | installer.exe
PID 6928 wrote to memory of 6012 | 6928 | bddeploy.exe | installer.exe
PID 6928 wrote to memory of 6012 | 6928 | bddeploy.exe | installer.exe
PID 6920 wrote to memory of 1392 | 6920 | bddeploy.exe | installer.exe
PID 6920 wrote to memory of 1392 | 6920 | bddeploy.exe | installer.exe
PID 6920 wrote to memory of 1392 | 6920 | bddeploy.exe | installer.exe
-
Views/modifies file attributes 1 TTPs 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org
PID:948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3640 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:5072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4144 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:4824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5332 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
PID:1840
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:2684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5512 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:3116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4332 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
PID:876
-
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9458133a422e416f9f9c4bee2adae15a /t 2308 /p 3012
PID:4520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4732 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5692 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:5016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4984 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:4704
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6140 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:3164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5096 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
PID:1168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5824 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:2940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6124 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:1204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
PID:3104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6296 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
- Modifies registry class
PID:1568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6104 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:4656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6112 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:1528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6648 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:4804
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
PID:3220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6816 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:1744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6380 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:4576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7012 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:376
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5564 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:3400
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=5464 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:3520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6364 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:1972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7028 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
PID:2864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=7436 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:3624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=7392 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=7024 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:3188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=7380 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:3380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=7524 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:4560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7904 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:840
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=7864 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:1076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7320 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:81⤵PID:736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=8144 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:11⤵PID:4944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8448 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:81⤵PID:3120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8592 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:81⤵PID:2108
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5168 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:5508 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5800 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"4⤵
- Executes dropped EXE
PID:6076 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6732
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5532 -
C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5696 -
C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5820 -
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe"4⤵
- Executes dropped EXE
PID:5952 -
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6756
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5828 -
C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:6068 -
C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5164 -
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe"4⤵
- Executes dropped EXE
PID:6056 -
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6896
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵PID:6032
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1252 -
C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:6404 -
C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:6928 -
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe"4⤵
- Executes dropped EXE
PID:7076 -
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:6012
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵PID:5140
-
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5124 -
C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:6512 -
C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:6920 -
C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe"4⤵
- Executes dropped EXE
PID:7052 -
C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1392 -
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect5⤵PID:3044
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install5⤵PID:5776
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable5⤵PID:5724
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"5⤵PID:5320
-
C:\Program Files\Bitdefender Agent\redline\bdredline.exe"C:\Program Files\Bitdefender Agent\redline\bdredline.exe"1⤵PID:5552
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3112
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"1⤵PID:6420
-
C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install2⤵PID:6528
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"3⤵PID:5932
-
C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"2⤵PID:6532
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"ProductAgentService.exe" login_silent2⤵PID:1364
-
C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"2⤵PID:4992
-
C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe" install2⤵PID:6848
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost1⤵PID:6600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵PID:6368
-
C:\Users\Admin\Downloads\Blackkomet.exe"C:\Users\Admin\Downloads\Blackkomet.exe"2⤵PID:6516
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵PID:6388
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h3⤵PID:2936
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads" +s +h3⤵PID:6376
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"3⤵PID:4036
-
C:\Windows\SysWOW64\notepad.exenotepad4⤵PID:6208
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h4⤵PID:7000
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h4⤵PID:6724
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"4⤵PID:6372
-
C:\Windows\SysWOW64\notepad.exenotepad5⤵PID:532
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h5⤵
- Views/modifies file attributes
PID:3068 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h5⤵PID:2676
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"5⤵PID:4012
-
C:\Windows\SysWOW64\notepad.exenotepad6⤵PID:6856
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h6⤵PID:4632
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h6⤵PID:3580
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"6⤵PID:2312
-
C:\Windows\SysWOW64\notepad.exenotepad7⤵PID:6864
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h7⤵PID:1644
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h7⤵PID:6404 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"7⤵PID:1460
-
C:\Windows\SysWOW64\notepad.exenotepad8⤵PID:3220
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h8⤵PID:3708
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h8⤵PID:6504
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"8⤵PID:3728
-
C:\Windows\SysWOW64\notepad.exenotepad9⤵PID:1800
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h9⤵PID:7072 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h9⤵PID:4748
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"9⤵PID:3204
-
C:\Windows\SysWOW64\notepad.exenotepad10⤵PID:3236
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h10⤵PID:6536
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h10⤵PID:3684
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"10⤵PID:7688
-
C:\Windows\SysWOW64\notepad.exenotepad11⤵PID:7800
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h11⤵PID:7864
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h11⤵PID:7872 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"11⤵PID:5680
-
C:\Windows\SysWOW64\notepad.exenotepad12⤵PID:7612
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h12⤵PID:7068
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h12⤵PID:4016
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"12⤵PID:7908
-
C:\Windows\SysWOW64\notepad.exenotepad13⤵PID:7636
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h13⤵PID:8080
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h13⤵PID:8132
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"13⤵PID:6516
-
C:\Windows\SysWOW64\notepad.exenotepad14⤵PID:7384
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h14⤵PID:7416
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h14⤵PID:7368
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"14⤵PID:7724
-
C:\Windows\SysWOW64\notepad.exenotepad15⤵PID:4416
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h15⤵PID:6332
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h15⤵PID:7892 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"15⤵PID:7420
-
C:\Windows\SysWOW64\notepad.exenotepad16⤵PID:6904
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h16⤵PID:7284
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h16⤵PID:7908 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"16⤵PID:8088
-
C:\Windows\SysWOW64\notepad.exenotepad17⤵PID:7988
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h17⤵PID:7792
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h17⤵PID:7664
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"17⤵PID:8636
-
C:\Windows\SysWOW64\notepad.exenotepad18⤵PID:8788
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h18⤵PID:8832
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h18⤵PID:8840
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"18⤵PID:8504
-
C:\Windows\SysWOW64\notepad.exenotepad19⤵PID:1064
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h19⤵PID:3636
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h19⤵PID:6672
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"19⤵PID:8496
-
C:\Windows\SysWOW64\notepad.exenotepad20⤵PID:8732
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h20⤵PID:7936
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h20⤵PID:8996
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"20⤵PID:3548
-
C:\Windows\SysWOW64\notepad.exenotepad21⤵PID:7084
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h21⤵PID:7172
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h21⤵PID:9156
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"21⤵PID:7356
-
C:\Windows\SysWOW64\notepad.exenotepad22⤵PID:5692
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h22⤵PID:8800
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h22⤵PID:5604
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"22⤵PID:9660
-
C:\Windows\SysWOW64\notepad.exenotepad23⤵PID:9832
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h23⤵PID:9860
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h23⤵PID:9868
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"23⤵PID:8760
-
C:\Windows\SysWOW64\notepad.exenotepad24⤵PID:7936
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h24⤵PID:7172
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h24⤵PID:8460
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"24⤵PID:10280
-
C:\Windows\SysWOW64\notepad.exenotepad25⤵PID:10380
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h25⤵PID:10412
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h25⤵PID:10420
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"25⤵PID:11136
-
C:\Windows\SysWOW64\notepad.exenotepad26⤵PID:6244
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h26⤵PID:10068 (Sets file to hidden)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h26⤵PID:9860
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"26⤵PID:2408
-
C:\Windows\SysWOW64\notepad.exenotepad27⤵PID:11132
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h27⤵PID:10376 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h27⤵PID:10528
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"27⤵PID:10964
-
C:\Windows\SysWOW64\notepad.exenotepad28⤵PID:840
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h28⤵PID:11260
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h28⤵PID:11196
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"28⤵PID:10220
-
C:\Windows\SysWOW64\notepad.exenotepad29⤵PID:6808
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h29⤵PID:8784
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h29⤵PID:10332
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"29⤵PID:10456
-
C:\Windows\SysWOW64\notepad.exenotepad30⤵PID:10420
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h30⤵PID:7096
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h30⤵PID:11116
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"30⤵PID:1840
-
C:\Windows\SysWOW64\notepad.exenotepad31⤵PID:7400
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h31⤵PID:3468
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h31⤵PID:5452 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"31⤵PID:11872
-
C:\Windows\SysWOW64\notepad.exenotepad32⤵PID:12104
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h32⤵PID:12244
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h32⤵PID:12252
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"32⤵PID:11868
-
C:\Windows\SysWOW64\notepad.exenotepad33⤵PID:8912
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h33⤵PID:11552
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h33⤵PID:11412 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"33⤵PID:11568
-
C:\Windows\SysWOW64\notepad.exenotepad34⤵PID:11556
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h34⤵PID:5264
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h34⤵PID:9404
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"34⤵PID:11836
-
C:\Windows\SysWOW64\notepad.exenotepad35⤵PID:11444
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h35⤵PID:6064
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h35⤵PID:11356
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"35⤵PID:11852
-
C:\Windows\SysWOW64\notepad.exenotepad36⤵PID:11592
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h36⤵PID:1640
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h36⤵PID:7920 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"36⤵PID:2432
-
C:\Windows\SysWOW64\notepad.exenotepad37⤵PID:12176
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h37⤵PID:7056
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h37⤵PID:11292 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"37⤵PID:12980
-
C:\Windows\SysWOW64\notepad.exenotepad38⤵PID:13196
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h38⤵PID:13256
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h38⤵PID:13264
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"38⤵PID:12640
-
C:\Windows\SysWOW64\notepad.exenotepad39⤵PID:8488
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h39⤵PID:8800
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h39⤵PID:7736
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"39⤵PID:9020
-
C:\Windows\SysWOW64\notepad.exenotepad40⤵PID:13012
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h40⤵PID:9992
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h40⤵PID:13116
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"40⤵PID:11332
-
C:\Windows\SysWOW64\notepad.exenotepad41⤵PID:13104
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h41⤵PID:12632
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h41⤵PID:12848
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"41⤵PID:4824
-
C:\Windows\SysWOW64\notepad.exenotepad42⤵PID:5072
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h42⤵PID:10136
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h42⤵PID:6792
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"42⤵PID:10984
-
C:\Windows\SysWOW64\notepad.exenotepad43⤵PID:1456
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h43⤵PID:9724
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h43⤵PID:12644
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"43⤵PID:8508
-
C:\Windows\SysWOW64\notepad.exenotepad44⤵PID:6616
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h44⤵PID:2068
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h44⤵PID:3484
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"44⤵PID:12012
-
C:\Windows\SysWOW64\notepad.exenotepad45⤵PID:5760
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h45⤵PID:208
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h45⤵PID:2140
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"45⤵PID:5508
-
C:\Windows\SysWOW64\notepad.exenotepad46⤵PID:13324
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h46⤵PID:13384
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h46⤵PID:13392
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"46⤵PID:14108
-
C:\Windows\SysWOW64\notepad.exenotepad47⤵PID:14276
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe46⤵PID:14116
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe45⤵PID:4272
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe44⤵PID:1804
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe43⤵PID:11324
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe42⤵PID:5304
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe41⤵PID:2100
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe40⤵PID:12660
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe39⤵PID:11128
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe38⤵PID:11872
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe37⤵PID:12988
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe36⤵PID:6992
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe35⤵PID:5432
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe34⤵PID:11864
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe33⤵PID:11948
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe32⤵PID:11840
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe31⤵PID:11888
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe30⤵PID:9084
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe29⤵PID:10368
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe28⤵PID:9904
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe27⤵PID:11192
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe26⤵PID:7164
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe25⤵PID:11144
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe24⤵PID:10288
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe23⤵PID:9316
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe22⤵PID:9672
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe21⤵PID:8328
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe20⤵PID:4400
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe19⤵PID:8364
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe18⤵PID:8540
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe17⤵PID:8648
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe16⤵PID:3552
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe15⤵PID:3108
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe14⤵PID:6976
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe13⤵PID:5788
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe12⤵PID:7576
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe11⤵PID:7500
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe10⤵PID:7704
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe9⤵PID:2572
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe8⤵PID:6500
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe7⤵PID:6724
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe6⤵PID:6168
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe5⤵PID:6952
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe4⤵PID:4124
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe3⤵PID:3628
-
C:\Users\Admin\Downloads\Blackkomet.exe"C:\Users\Admin\Downloads\Blackkomet.exe"2⤵PID:6924
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵PID:5560
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h3⤵PID:1648 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads" +s +h3⤵PID:624
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"3⤵PID:3740
-
C:\Windows\SysWOW64\notepad.exenotepad4⤵PID:5096
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h4⤵PID:3884
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h4⤵PID:4860
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"4⤵PID:384
-
C:\Windows\SysWOW64\notepad.exenotepad5⤵PID:5128
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h5⤵PID:3416
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h5⤵PID:5264
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"5⤵PID:4328
-
C:\Windows\SysWOW64\notepad.exenotepad6⤵PID:4356
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h6⤵PID:3692 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h6⤵PID:5076
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"6⤵PID:4752
-
C:\Windows\SysWOW64\notepad.exenotepad7⤵PID:3140
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h7⤵PID:3108
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h7⤵PID:5148
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"7⤵PID:2936
-
C:\Windows\SysWOW64\notepad.exenotepad8⤵PID:2908
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h8⤵PID:6316 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h8⤵PID:1504
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"8⤵PID:3704
-
C:\Windows\SysWOW64\notepad.exenotepad9⤵PID:4520
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h9⤵PID:1136
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h9⤵PID:1220
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"9⤵PID:6316
-
C:\Windows\SysWOW64\notepad.exenotepad10⤵PID:6888
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h10⤵PID:6896
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h10⤵PID:1664
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"10⤵PID:7328
-
C:\Windows\SysWOW64\notepad.exenotepad11⤵PID:7444
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h11⤵PID:7572
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h11⤵PID:7580 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"11⤵PID:6972
-
C:\Windows\SysWOW64\notepad.exenotepad12⤵PID:7264
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h12⤵PID:6960
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h12⤵PID:4712 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"12⤵PID:7672
-
C:\Windows\SysWOW64\notepad.exenotepad13⤵PID:7440
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h13⤵PID:7328
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h13⤵PID:3408
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"13⤵PID:3688
-
C:\Windows\SysWOW64\notepad.exenotepad14⤵PID:7796
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h14⤵PID:2872
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h14⤵PID:4328
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"14⤵PID:7184
-
C:\Windows\SysWOW64\notepad.exenotepad15⤵PID:7968
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h15⤵PID:7648
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h15⤵PID:5068
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"15⤵PID:7924
-
C:\Windows\SysWOW64\notepad.exenotepad16⤵PID:4412
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h16⤵PID:5328
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h16⤵PID:3400
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"16⤵PID:7604
-
C:\Windows\SysWOW64\notepad.exenotepad17⤵PID:5132
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h17⤵PID:6040 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h17⤵PID:4012
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"17⤵PID:8700
-
C:\Windows\SysWOW64\notepad.exenotepad18⤵PID:8808
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h18⤵PID:8868
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h18⤵PID:8880
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"18⤵PID:1796
-
C:\Windows\SysWOW64\notepad.exenotepad19⤵PID:8244
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h19⤵PID:8920 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h19⤵PID:7604
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"19⤵PID:8552
-
C:\Windows\SysWOW64\notepad.exenotepad20⤵PID:8872
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h20⤵PID:8868 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h20⤵PID:8980
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"20⤵PID:4324
-
C:\Windows\SysWOW64\notepad.exenotepad21⤵PID:8216
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h21⤵PID:8172 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h21⤵PID:7972 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"21⤵PID:2456
-
C:\Windows\SysWOW64\notepad.exenotepad22⤵PID:5400
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h22⤵PID:2232
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h22⤵PID:5908
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"22⤵PID:9744
-
C:\Windows\SysWOW64\notepad.exenotepad23⤵PID:9816
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h23⤵PID:9896
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h23⤵PID:9904
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"23⤵PID:5432
-
C:\Windows\SysWOW64\notepad.exenotepad24⤵PID:4324
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h24⤵PID:9704 (Sets file to hidden)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h24⤵PID:8200
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"24⤵PID:10560
-
C:\Windows\SysWOW64\notepad.exenotepad25⤵PID:10616
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h25⤵PID:10652 (Sets file to hidden)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h25⤵PID:10660
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"25⤵PID:10436
-
C:\Windows\SysWOW64\notepad.exenotepad26⤵PID:9376
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h26⤵PID:9384
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h26⤵PID:7116
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"26⤵PID:5704
-
C:\Windows\SysWOW64\notepad.exenotepad27⤵PID:10012
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h27⤵PID:10704 (Sets file to hidden)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h27⤵PID:10460 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"27⤵PID:5076
-
C:\Windows\SysWOW64\notepad.exenotepad28⤵PID:5556
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h28⤵PID:9948
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h28⤵PID:5332
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"28⤵PID:10284
-
C:\Windows\SysWOW64\notepad.exenotepad29⤵PID:10872
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h29⤵PID:8760 (Sets file to hidden)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h29⤵PID:2588
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"29⤵PID:10268
-
C:\Windows\SysWOW64\notepad.exenotepad30⤵PID:7140
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h30⤵PID:11104
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h30⤵PID:10632
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"30⤵PID:4928
-
C:\Windows\SysWOW64\notepad.exenotepad31⤵PID:11340
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h31⤵PID:11452
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h31⤵PID:11460
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"31⤵PID:11952
-
C:\Windows\SysWOW64\notepad.exenotepad32⤵PID:12120
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h32⤵PID:12224
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h32⤵PID:12232
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"32⤵PID:9336
-
C:\Windows\SysWOW64\notepad.exenotepad33⤵PID:11300
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h33⤵PID:11392
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h33⤵PID:11400
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"33⤵PID:11876
-
C:\Windows\SysWOW64\notepad.exenotepad34⤵PID:4928
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h34⤵PID:10688
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h34⤵PID:6660
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"34⤵PID:6516
-
C:\Windows\SysWOW64\notepad.exenotepad35⤵PID:5476
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h35⤵PID:6920
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h35⤵PID:2616
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"35⤵PID:11828
-
C:\Windows\SysWOW64\notepad.exenotepad36⤵PID:4476
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h36⤵PID:11744
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h36⤵PID:11884
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"36⤵PID:9908
-
C:\Windows\SysWOW64\notepad.exenotepad37⤵PID:12180
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h37⤵PID:9196
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h37⤵PID:5616 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"37⤵PID:12892
-
C:\Windows\SysWOW64\notepad.exenotepad38⤵PID:12960
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h38⤵PID:13008
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h38⤵PID:13016 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"38⤵PID:4600
-
C:\Windows\SysWOW64\notepad.exenotepad39⤵PID:12672
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h39⤵PID:11860
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h39⤵PID:3636 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"39⤵PID:13028
-
C:\Windows\SysWOW64\notepad.exenotepad40⤵PID:13188
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h40⤵PID:8564
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h40⤵PID:12220
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"40⤵PID:2616
-
C:\Windows\SysWOW64\notepad.exenotepad41⤵PID:5980
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h41⤵PID:12840
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h41⤵PID:11204 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"41⤵PID:11384
-
C:\Windows\SysWOW64\notepad.exenotepad42⤵PID:5372
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h42⤵PID:4812 (Sets file to hidden)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h42⤵PID:2204 (Sets file to hidden)
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"42⤵PID:6020
-
C:\Windows\SysWOW64\notepad.exenotepad43⤵PID:3664
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h43⤵PID:4348 (Views/modifies file attributes)
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h43⤵PID:13296
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"43⤵PID:13016
-
C:\Windows\SysWOW64\notepad.exenotepad44⤵PID:6736
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h44⤵PID:5704
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h44⤵PID:5912
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"44⤵PID:1540
-
C:\Windows\SysWOW64\notepad.exenotepad45⤵PID:2756
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h45⤵
- Views/modifies file attributes
PID:5168 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h45⤵PID:1184
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"45⤵PID:11292
-
C:\Windows\SysWOW64\notepad.exenotepad46⤵PID:13020
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h46⤵PID:2976
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h46⤵PID:4704
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"46⤵PID:14080
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe46⤵PID:14088
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe45⤵PID:13292
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe44⤵PID:6268
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe43⤵PID:10600
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe42⤵PID:12460
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe41⤵PID:10524
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe40⤵PID:6880
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe39⤵PID:12520
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe38⤵PID:12796
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe37⤵PID:12900
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe36⤵PID:10716
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe35⤵PID:11564
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe34⤵PID:11524
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe33⤵PID:10260
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe32⤵PID:2500
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe31⤵PID:11960
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe30⤵PID:7132
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe29⤵PID:400
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe28⤵PID:10876
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe27⤵PID:9872
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe26⤵PID:10532
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe25⤵PID:8548
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe24⤵PID:10568
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe23⤵PID:6160
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe22⤵PID:9752
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe21⤵PID:184
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe20⤵PID:5000
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe19⤵PID:8560
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe18⤵PID:5724
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe17⤵PID:8708
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe16⤵PID:5868
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe15⤵PID:1744
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe14⤵PID:3128
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe13⤵PID:7756
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe12⤵PID:7676
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe11⤵PID:624
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe10⤵PID:7336
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe9⤵PID:6876
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe8⤵PID:6956
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe7⤵PID:6376
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe6⤵PID:1448
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe5⤵PID:4972
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe4⤵PID:3996
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe3⤵PID:5840
-
C:\Users\Admin\Downloads\Blackkomet.exe"C:\Users\Admin\Downloads\Blackkomet.exe"2⤵PID:5724
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵PID:1820
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h3⤵PID:3228
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads" +s +h3⤵PID:3244
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"3⤵PID:5156
-
C:\Windows\SysWOW64\notepad.exenotepad4⤵PID:7060
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h4⤵PID:6176
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h4⤵PID:2188
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"4⤵PID:2536
-
C:\Windows\SysWOW64\notepad.exenotepad5⤵PID:5040
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h5⤵PID:2172
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h5⤵PID:4852
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"5⤵PID:456
-
C:\Windows\SysWOW64\notepad.exenotepad6⤵PID:6492
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h6⤵PID:832
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h6⤵PID:5288
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"6⤵PID:1584
-
C:\Windows\SysWOW64\notepad.exenotepad7⤵PID:2340
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h7⤵PID:1072
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h7⤵PID:4020
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"7⤵PID:6972
-
C:\Windows\SysWOW64\notepad.exenotepad8⤵PID:3692
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h8⤵PID:3560
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h8⤵PID:6092
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"8⤵PID:4436
-
C:\Windows\SysWOW64\notepad.exenotepad9⤵PID:4852
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h9⤵PID:2912
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h9⤵PID:6572
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"9⤵PID:3708
-
C:\Windows\SysWOW64\notepad.exenotepad10⤵PID:5744
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h10⤵PID:1136
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h10⤵PID:3416
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"10⤵PID:7696
-
C:\Windows\SysWOW64\notepad.exenotepad11⤵PID:7816
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h11⤵PID:7880
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h11⤵PID:7888
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"11⤵PID:7528
-
C:\Windows\SysWOW64\notepad.exenotepad12⤵PID:2652
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h12⤵PID:6452
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h12⤵PID:2260
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"12⤵PID:8176
-
C:\Windows\SysWOW64\notepad.exenotepad13⤵PID:5368
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h13⤵PID:404
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h13⤵PID:6580
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"13⤵PID:7924
-
C:\Windows\SysWOW64\notepad.exenotepad14⤵PID:7392
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h14⤵
- Views/modifies file attributes
PID:4280 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h14⤵PID:1640
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"14⤵PID:2456
-
C:\Windows\SysWOW64\notepad.exenotepad15⤵PID:7528
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h15⤵
- Views/modifies file attributes
PID:4928 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h15⤵PID:3612
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"15⤵PID:4896
-
C:\Windows\SysWOW64\notepad.exenotepad16⤵PID:6248
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h16⤵
- Sets file to hidden
PID:5028 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h16⤵PID:5860
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"16⤵PID:8212
-
C:\Windows\SysWOW64\notepad.exenotepad17⤵PID:8312
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h17⤵PID:8340
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h17⤵PID:8348
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"17⤵PID:9100
-
C:\Windows\SysWOW64\notepad.exenotepad18⤵PID:9164
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h18⤵PID:9188
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h18⤵PID:9200
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"18⤵PID:7924
-
C:\Windows\SysWOW64\notepad.exenotepad19⤵PID:5440
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h19⤵PID:5448
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h19⤵
- Views/modifies file attributes
PID:6612 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"19⤵PID:9020
-
C:\Windows\SysWOW64\notepad.exenotepad20⤵PID:7284
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h20⤵PID:8480
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h20⤵PID:5400
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"20⤵PID:7924
-
C:\Windows\SysWOW64\notepad.exenotepad21⤵PID:8592
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 35622⤵
- Program crash
PID:9188 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h21⤵PID:8456
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h21⤵PID:4328
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"21⤵PID:1568
-
C:\Windows\SysWOW64\notepad.exenotepad22⤵PID:4976
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h22⤵PID:5700
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h22⤵PID:6816
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"22⤵PID:10084
-
C:\Windows\SysWOW64\notepad.exenotepad23⤵PID:10224
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h23⤵
- Views/modifies file attributes
PID:840 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h23⤵PID:6192
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"23⤵PID:5928
-
C:\Windows\SysWOW64\notepad.exenotepad24⤵PID:4328
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h24⤵PID:9048
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h24⤵PID:9812
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"24⤵PID:10748
-
C:\Windows\SysWOW64\notepad.exenotepad25⤵PID:10888
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h25⤵PID:10960
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h25⤵PID:10968
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"25⤵PID:9724
-
C:\Windows\SysWOW64\notepad.exenotepad26⤵PID:8520
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h26⤵PID:4392
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h26⤵PID:5928
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"26⤵PID:11080
-
C:\Windows\SysWOW64\notepad.exenotepad27⤵PID:9932
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h27⤵PID:9604
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h27⤵
- Views/modifies file attributes
PID:8344 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"27⤵PID:10608
-
C:\Windows\SysWOW64\notepad.exenotepad28⤵PID:3500
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h28⤵PID:5396
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h28⤵PID:11036
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"28⤵PID:7568
-
C:\Windows\SysWOW64\notepad.exenotepad29⤵PID:9688
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h29⤵PID:10424
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h29⤵PID:5060
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"29⤵PID:10588
-
C:\Windows\SysWOW64\notepad.exenotepad30⤵PID:6404
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h30⤵
- Sets file to hidden
PID:5432 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h30⤵PID:11272
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"30⤵PID:11880
-
C:\Windows\SysWOW64\notepad.exenotepad31⤵PID:12084
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h31⤵PID:12208
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h31⤵PID:12216
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"31⤵PID:11628
-
C:\Windows\SysWOW64\notepad.exenotepad32⤵PID:10836
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h32⤵PID:5060
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h32⤵PID:9440
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"32⤵PID:11500
-
C:\Windows\SysWOW64\notepad.exenotepad33⤵PID:12060
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h33⤵
- Views/modifies file attributes
PID:2248 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h33⤵PID:7580
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"33⤵PID:11660
-
C:\Windows\SysWOW64\notepad.exenotepad34⤵PID:8060
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h34⤵PID:6748
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h34⤵PID:11036
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"34⤵PID:12032
-
C:\Windows\SysWOW64\notepad.exenotepad35⤵PID:11360
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h35⤵PID:12040
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h35⤵PID:11836
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"35⤵PID:11804
-
C:\Windows\SysWOW64\notepad.exenotepad36⤵PID:12416
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h36⤵PID:12536
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h36⤵PID:12580
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"36⤵PID:1812
-
C:\Windows\SysWOW64\notepad.exenotepad37⤵PID:12604
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h37⤵PID:8676
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h37⤵PID:12072
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"37⤵PID:3664
-
C:\Windows\SysWOW64\notepad.exenotepad38⤵PID:12336
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h38⤵
- Views/modifies file attributes
PID:10040 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h38⤵PID:10172
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"38⤵PID:5396
-
C:\Windows\SysWOW64\notepad.exenotepad39⤵PID:11868
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h39⤵
- Sets file to hidden
PID:2732 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h39⤵
- Sets file to hidden
PID:11940 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"39⤵PID:10592
-
C:\Windows\SysWOW64\notepad.exenotepad40⤵PID:7020
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h40⤵PID:12588
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h40⤵PID:6868
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"40⤵PID:2604
-
C:\Windows\SysWOW64\notepad.exenotepad41⤵PID:7124
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h41⤵PID:12260
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h41⤵PID:10860
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"41⤵PID:3372
-
C:\Windows\SysWOW64\notepad.exenotepad42⤵PID:8416
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h42⤵
- Sets file to hidden
PID:6944 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h42⤵PID:2040
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"42⤵PID:7236
-
C:\Windows\SysWOW64\notepad.exenotepad43⤵PID:6924
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h43⤵
- Sets file to hidden
PID:12840 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h43⤵PID:4172
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"43⤵PID:7232
-
C:\Windows\SysWOW64\notepad.exenotepad44⤵PID:13428
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h44⤵
- Sets file to hidden
PID:13500 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h44⤵PID:13508
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"44⤵PID:14044
-
C:\Windows\SysWOW64\notepad.exenotepad45⤵PID:14180
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h45⤵PID:14240
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h45⤵PID:14248
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe44⤵PID:14052
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe43⤵PID:5704
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe42⤵PID:11976
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe41⤵PID:1976
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe40⤵PID:8996
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe39⤵PID:12668
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe38⤵PID:13212
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe37⤵PID:13160
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe36⤵PID:5264
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe35⤵PID:2872
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe34⤵PID:9520
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe33⤵PID:7888
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe32⤵PID:860
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe31⤵PID:11684
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe30⤵PID:11904
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe29⤵PID:10308
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe28⤵PID:6836
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe27⤵PID:9124
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe26⤵PID:10972
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe25⤵PID:10684
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe24⤵PID:10764
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe23⤵PID:9980
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe22⤵PID:10092
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe21⤵PID:2856
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe20⤵PID:5424
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe19⤵PID:8880
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe18⤵PID:2260
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe17⤵PID:9108
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe16⤵PID:8224
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe15⤵PID:7300
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe14⤵PID:6436
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe13⤵PID:8012
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe12⤵PID:8028
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe11⤵PID:7548
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe10⤵PID:7712
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe9⤵PID:4036
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe8⤵PID:3744
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe7⤵PID:1960
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe6⤵PID:3156
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe5⤵PID:4060
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe4⤵PID:4508
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe3⤵PID:4356
-
C:\Users\Admin\Downloads\Blackkomet.exe"C:\Users\Admin\Downloads\Blackkomet.exe"2⤵PID:3960
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵PID:228
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h3⤵PID:376
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Users\Admin\Downloads" +s +h3⤵PID:4732
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"3⤵PID:4412
-
C:\Windows\SysWOW64\notepad.exenotepad4⤵PID:5092
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h4⤵PID:2992
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h4⤵PID:2340
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"4⤵PID:1220
-
C:\Windows\SysWOW64\notepad.exenotepad5⤵PID:2940
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h5⤵PID:2040
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h5⤵PID:7084
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"5⤵PID:2920
-
C:\Windows\SysWOW64\notepad.exenotepad6⤵PID:7076
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h6⤵
- Views/modifies file attributes
PID:4252 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h6⤵
- Sets file to hidden
PID:4520 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"6⤵PID:7080
-
C:\Windows\SysWOW64\notepad.exenotepad7⤵PID:3448
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h7⤵PID:6764
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h7⤵
- Views/modifies file attributes
PID:544 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"7⤵PID:5940
-
C:\Windows\SysWOW64\notepad.exenotepad8⤵PID:3640
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h8⤵PID:3416
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h8⤵PID:4580
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"8⤵PID:2448
-
C:\Windows\SysWOW64\notepad.exenotepad9⤵PID:6624
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h9⤵PID:4320
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h9⤵PID:6248
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"9⤵PID:2196
-
C:\Windows\SysWOW64\notepad.exenotepad10⤵PID:7252
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h10⤵
- Views/modifies file attributes
PID:7280 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h10⤵PID:7292
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"10⤵PID:8108
-
C:\Windows\SysWOW64\notepad.exenotepad11⤵PID:6136
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h11⤵PID:7084
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h11⤵
- Views/modifies file attributes
PID:5828 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"11⤵PID:4436
-
C:\Windows\SysWOW64\notepad.exenotepad12⤵PID:7308
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h12⤵PID:7184
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h12⤵PID:6536
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"12⤵PID:6436
-
C:\Windows\SysWOW64\notepad.exenotepad13⤵PID:4644
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h13⤵PID:8100
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h13⤵PID:8108
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"13⤵PID:1852
-
C:\Windows\SysWOW64\notepad.exenotepad14⤵PID:7584
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h14⤵PID:7412
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h14⤵
- Sets file to hidden
PID:2856 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"14⤵PID:7700
-
C:\Windows\SysWOW64\notepad.exenotepad15⤵PID:1564
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h15⤵PID:8164
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h15⤵PID:5556
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"15⤵PID:5472
-
C:\Windows\SysWOW64\notepad.exenotepad16⤵PID:7668
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h16⤵PID:6672
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h16⤵PID:1364
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"16⤵PID:8404
-
C:\Windows\SysWOW64\notepad.exenotepad17⤵PID:8528
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h17⤵PID:8552
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h17⤵
- Sets file to hidden
PID:8560 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"17⤵PID:5400
-
C:\Windows\SysWOW64\notepad.exenotepad18⤵PID:4900
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h18⤵PID:5648
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h18⤵PID:8300
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"18⤵PID:5276
-
C:\Windows\SysWOW64\notepad.exenotepad19⤵PID:7468
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h19⤵PID:4076
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h19⤵PID:4280
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"19⤵PID:7200
-
C:\Windows\SysWOW64\notepad.exenotepad20⤵PID:5984
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h20⤵PID:5576
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h20⤵PID:8760
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"20⤵PID:3500
-
C:\Windows\SysWOW64\notepad.exenotepad21⤵PID:9060
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h21⤵PID:8088
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h21⤵PID:8164
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"21⤵PID:8756
-
C:\Windows\SysWOW64\notepad.exenotepad22⤵PID:9240
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h22⤵
- Views/modifies file attributes
PID:9324 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h22⤵PID:9332
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"22⤵PID:9956
-
C:\Windows\SysWOW64\notepad.exenotepad23⤵PID:10196
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h23⤵PID:6728
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h23⤵PID:9384
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"23⤵PID:9500
-
C:\Windows\SysWOW64\notepad.exenotepad24⤵PID:9768
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h24⤵PID:1460
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h24⤵PID:9880
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"24⤵PID:10756
-
C:\Windows\SysWOW64\notepad.exenotepad25⤵PID:10912
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h25⤵PID:11004
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h25⤵PID:11012
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"25⤵PID:5844
-
C:\Windows\SysWOW64\notepad.exenotepad26⤵PID:10148
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h26⤵PID:10168
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h26⤵PID:8164
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"26⤵PID:9424
-
C:\Windows\SysWOW64\notepad.exenotepad27⤵PID:10820
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h27⤵PID:10748
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h27⤵PID:8072
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"27⤵PID:10784
-
C:\Windows\SysWOW64\notepad.exenotepad28⤵PID:6308
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h28⤵PID:10468
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h28⤵PID:10596
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"28⤵PID:10564
-
C:\Windows\SysWOW64\notepad.exenotepad29⤵PID:10164
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h29⤵PID:6256
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h29⤵PID:7192
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"29⤵PID:4084
-
C:\Windows\SysWOW64\notepad.exenotepad30⤵PID:4380
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h30⤵PID:3852
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h30⤵PID:952
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"30⤵PID:11408
-
C:\Windows\SysWOW64\notepad.exenotepad31⤵PID:11612
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h31⤵PID:11648
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h31⤵PID:11656
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"31⤵PID:12176
-
C:\Windows\SysWOW64\notepad.exenotepad32⤵PID:10284
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h32⤵PID:10052
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h32⤵PID:9660
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"32⤵PID:11688
-
C:\Windows\SysWOW64\notepad.exenotepad33⤵PID:11632
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h33⤵PID:5432
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h33⤵
- Views/modifies file attributes
PID:11384 -
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"33⤵PID:8344
-
C:\Windows\SysWOW64\notepad.exenotepad34⤵PID:9948
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h34⤵
- Sets file to hidden
PID:7848 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h34⤵PID:7056
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"34⤵PID:7368
-
C:\Windows\SysWOW64\notepad.exenotepad35⤵PID:11716
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h35⤵
- Sets file to hidden
- Views/modifies file attributes
PID:5676 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h35⤵PID:5420
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"35⤵PID:11792
-
C:\Windows\SysWOW64\notepad.exenotepad36⤵PID:11768
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h36⤵PID:11216
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h36⤵PID:2616
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"36⤵PID:6020
-
C:\Windows\SysWOW64\notepad.exenotepad37⤵PID:12396
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h37⤵PID:12520
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h37⤵PID:12528
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"37⤵PID:12144
-
C:\Windows\SysWOW64\notepad.exenotepad38⤵PID:5944
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h38⤵
- Views/modifies file attributes
PID:11036 -
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h38⤵PID:12236
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"38⤵PID:12916
-
C:\Windows\SysWOW64\notepad.exenotepad39⤵PID:12732
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h39⤵PID:6000
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h39⤵PID:12840
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"39⤵PID:12144
-
C:\Windows\SysWOW64\notepad.exenotepad40⤵PID:6332
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h40⤵PID:6064
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h40⤵PID:12260
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"40⤵PID:12304
-
C:\Windows\SysWOW64\notepad.exenotepad41⤵PID:12764
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h41⤵PID:4348
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h41⤵PID:4704
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"41⤵PID:11940
-
C:\Windows\SysWOW64\notepad.exenotepad42⤵PID:11248
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h42⤵PID:13040
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h42⤵PID:11316
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"42⤵PID:10584
-
C:\Windows\SysWOW64\notepad.exenotepad43⤵PID:2600
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h43⤵PID:6996
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h43⤵PID:11348
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"43⤵PID:6116
-
C:\Windows\SysWOW64\notepad.exenotepad44⤵PID:9960
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h44⤵PID:5508
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h44⤵PID:6792
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"44⤵PID:5912
-
C:\Windows\SysWOW64\notepad.exenotepad45⤵PID:6780
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h45⤵PID:12608
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h45⤵PID:6064
-
C:\Windows\SysWOW64\Windupdt\winupdate.exe"C:\Windows\system32\Windupdt\winupdate.exe"45⤵PID:13716
-
C:\Windows\SysWOW64\notepad.exenotepad46⤵PID:13784
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h46⤵PID:13872
-
C:\Windows\SysWOW64\attrib.exeattrib "C:\Windows\SysWOW64\Windupdt" +s +h46⤵PID:13880
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe45⤵PID:13724
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 13724 -s 41646⤵
- Program crash
PID:13900 -
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe44⤵PID:2324
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe43⤵PID:12144
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe42⤵PID:4800
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe41⤵PID:13172
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe40⤵PID:5564
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe39⤵PID:13156
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe38⤵PID:12892
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe37⤵PID:1852
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe36⤵PID:6644
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe35⤵PID:12100
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe34⤵PID:11752
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe33⤵PID:10032
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe32⤵PID:11408
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe31⤵PID:12268
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe30⤵PID:11416
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe29⤵PID:8168
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe28⤵PID:11016
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe27⤵PID:6984
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe26⤵PID:10980
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe25⤵PID:9372
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe24⤵PID:10772
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe23⤵PID:9392
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe22⤵PID:9964
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe21⤵PID:608
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe20⤵PID:8748
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe19⤵PID:8284
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe18⤵PID:7112
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe17⤵PID:4276
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe16⤵PID:8420
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe15⤵PID:7092
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe14⤵PID:7788
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe13⤵PID:3652
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe12⤵PID:6292
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe11⤵PID:4428
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe10⤵PID:8116
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe9⤵PID:5148
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe8⤵PID:4640
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe7⤵PID:2760
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe6⤵PID:4688
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe5⤵PID:1032
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe4⤵PID:4472
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe3⤵PID:3448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window2⤵PID:1256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2e0,0x7ffadb592e98,0x7ffadb592ea4,0x7ffadb592eb03⤵PID:9448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3060 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:23⤵PID:9156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3188 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:33⤵PID:8172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3312 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:1404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4320 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:9404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:6184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4644 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:6908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4920 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:10456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4996 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:10516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4920 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:6068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:11808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:11816
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5432 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:11828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5896 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:11996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4596 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:10276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5404 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:12432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:13076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5300 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:13084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5892 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:11368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6300 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:4456
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5480 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:1812
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5480 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:1984
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:8668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6676 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:13⤵PID:6544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6936 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:83⤵PID:13004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵PID:4192
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8592 -ip 85921⤵PID:8520
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵PID:9880
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 13724 -ip 137241⤵PID:13800
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\27578007-112c-4c47-aede-c248be905d30.dmp
Filesize11.4MB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize7KB
-
Filesize
15KB
MD573dbd45fbc232410338b0d2d66cf14d6
SHA11418f88ed5d87b8f7bfb283d38e0b16ec114fe7d
SHA256ccbf262de173078df56f2a6ee85f8cd6e1b6f1b0511415facd2dd0c4e4e0c257
SHA512413f95401be166a03172ac43c38b2829185e006757fb1bd20e36377dc5f146b12b1aa60069a07d383f21cd17ab9781fa1aa74b3178ae4c2fce36e833f20e5cd3
-
Filesize
16KB
MD5030c93ef2725c7fafd7497f766137a3e
SHA12ffd893c82c82d073c53b58e4f152fd0b47926fd
SHA256e759149b8b90b0b82ce9a90e30bfe2c27d8618967489812bc3fe62f11649e255
SHA512b96aa7a5e15c760890fadc9e4c4e4ada5e1dbcd729dfe9d89bdbacc4927cc22776472ca4b80c453686adfeeeeb9bea46ee6251b1257324b87e7ef7596bbcf35f
-
Filesize
17KB
MD55fe343f0ae18f02b6e21039e6f158050
SHA1a4d764a5cf9ceb03f63146d32c21f3e3f956d92b
SHA25690804c48aeec7384863e0f8ca9cf0bc57aa1ebb647534de956f8993881734ded
SHA512e7087dab72cc06934fd9b466fdbde4eacd71f6c8e9fa70459172cc2c48770b7feb130cb5c6a305eb8f055d175fbc92ae0116dda99da07bee432cae01df3ea794
-
Filesize
15KB
MD5826d35fabe03f3af4f12789cae3f0cd8
SHA1cce175ceb4b64b10fdfe75f1ed3a53c14226c858
SHA256356515599861f4cffa7d18238763e4f924cd50bca2c34bcd4a73310ff9bb5769
SHA51204fd9da7d33216a4428c13b1486e87cb9db36a2b4ae5b9c1fe50ff4a1cb2a9eec4db9bde3ea5346ec11a8224824ef8fd01b5cdf61b174c8b17ac9ee75ea6415b
-
Filesize
15KB
MD5d167a0fb1c107b23462f0d8373fcad12
SHA1f9fa8d79f0ef27e77d4a9fbb0836a862df897a27
SHA2564ffdbe167ad4d3820be3b0692f45e08115ccb9e9aa86566c7e378fe0349a8864
SHA5128d776d5f0fc5899dd127b9a556fde09ca9a7a043f4080488f064759ae8105c011648108677de237e5cb1276d2a1964a43bd3c11b4884a92236b05269549a9a46
-
Filesize
17KB
MD5c58e74dd25e53bddaec0becd6e19217d
SHA1f686a7c4e8321ae1b9cb89b01019dc90680c48a1
SHA256f03ab783f1e941595812ac5e508d634f7cdac3e0efce675ac6ce61c8be86cd49
SHA512916b3ec54be55ae9ad7fe1c86a52d9009aec9661fc8ae3a7eba916ef2e02a1701b44dfd7a1a61c8a1d0ae36e0fd40bfb33c21182eee6d43c47c406150374926c
-
Filesize
16KB
MD53b00fc85fb693ef787abd48efbeff926
SHA14b518c8d583243ff00a9b0f84d5415309cc99a61
SHA2562be7e5fdb4d6c86ab1ecd6b17c05e5af43f2b5015589a492a9600bc8c85a5675
SHA51296fbd1e9d1f050fe7120b50f05ca8252ca2e13d1d57a241bf372cb0bf47bf0c3f43950868a26bea403a405026971a6a9286adad2ca9ccc768195cc4cf53ff79b
-
Filesize
17KB
MD582de96bfd73d707a313d71c0f3593b78
SHA15297f682bb43967530db8d50d953b91b54ffc283
SHA25606a3d7336b08355c65182231dba8b6a1d18fa557a1a956d21f7744212cee25d7
SHA5126076cd64840e15dadeb69fcc0b441d59df52bc08f2cc74a4447798f88bb8bdf667e76865a57b9fbd0d7dfcd6bd4d6bb13221b472a7847de096c5af6e32cbbc90
-
Filesize
17KB
MD520d8f75605a099564e5d70e22ef29317
SHA147157567a23467f41a12a06abfef1d505c979d02
SHA256e32c98292c726315a887a831cda2934885a981e08d09257448b6c1a5e1a078a9
SHA512465128251c8ef27e3f6baf6c545e920af1f1ea4d33c495bc63dc9024028a87267036f936e427e5e84f3d6a0c6e16d8d61f16681588338302f6138fc4a369007a
-
Filesize
17KB
MD5563b7c5d50e667577d52cf5f08d380bb
SHA1e718b57f56e6a0a2cd29c8beb35a85f043398cc3
SHA256d44236f0ec75bc42c637ae6a2e8eca5fd3e5b90197fe47fc155f2f783541bde1
SHA5126b4b305f84f4406fa21859ca94a6df4add859c064a8fbb702140019f1a5f39f560ee07e88540cbed5d82a6391991cc379ae5e8317658b377bab7c897b4c19f69
-
Filesize
30KB
MD5ed4119f9ac075877ee527208199d4ea1
SHA111d2ae5d8ff4c1423f7f9d55e964610017aeb10b
SHA2564ce35b6d34fc4f55e416e6ed61190862c2ea1eda26a58cc78a448a0e4370cb2b
SHA51276d7fbe7049604fd4a45097fe62defd7d39b07bcabe12d220a9a9fdcce2fc22140519091cedf89fc1456ab2d51f02d0dc7e0b27efb1e09eff33444d8a1554df0
-
Filesize
105KB
MD5a08fd5286b661055c645c7a3803dab81
SHA199339805d05eb297d82d1b559a379037b97da6c9
SHA256138b4a98e597f32cc3f72ae573f4c37a684825508f2e94936ba59c8dc35fe367
SHA512b9d65809a0bca3b147b3c8c31864ce2f6c3bf2cbc362a1d96a6973e417cd4a25ee93b634b2034ba672882348fb52ea2b444243fc59c6c7db6caa9cb5a88fb08d
-
Filesize
101KB
MD5217dd051b6f254e90426893a97f6b77b
SHA1eb2f82c112171a5cc193dbb8159c79633d8c309f
SHA256813fb5f75784bb15ba21159a5e32b543ceed6b00791e8d5a131f769e31da98df
SHA512f638457058b3a6a815fd5bbf5afb0847bc9b9c8c56f2e079136bf3dec01f2d9e8bae63ae8e31f140a84cb948eafcb6756585defc5e4919df4fe6f1bb6b6452c0
-
Filesize
101KB
MD5f247e2365f635c23820b23297ac5755d
SHA1d398fb9f6ae1a6cd2cc976f5d5ff1008d5a42233
SHA256a08207bd34eea8f3ba5b2b8727fbbb45c1d40771d80628d55ed3c77c493efa0e
SHA51268cb650c604a06b9478fe1fd169ee96626186a5ef85486de8fb506007266e0dd9642d1bda381106f2e60608d3338f221110ec5252026b4c322906be5c7a66901
-
Filesize
101KB
MD5b4a0035d05232bc99024f74fba7ee66c
SHA13fff886ad871f9260ea08be046d43aeac38927c8
SHA256690a3335e1f8aff8ebb45d5cc8b5116946358553726a5e6334cefcf8a9484034
SHA5126b2bd32b128de2ceb86d4886ad2bf523f6578be62c23cdcc38c31e231ee87523c95f6aebdced793bab394f937003d955ad85e5ce2db73239ce197c7ce5fa754b
-
Filesize
91KB
MD587edaf69d9d970699337d9b6b58d9d83
SHA180911334ef0a2fe3c37b4d64e5e70d8c38f4e38a
SHA2560083da9aff056050029af102e4969c85b21dede7398e1747e0d48ce4a004a548
SHA512ae3df80c07858747dfe5975ff3d1d30c5c9b90a13be033f9e149ad64613b8bc37da313262edba57e9db6e1b28bad13f1747d75a13abd13000fb275c706ed31b2
-
Filesize
101KB
MD5f8967e51f1d20122434e3abb56cc0a5c
SHA18a5cfe472eb195d0ddfe7702a7fd109d4c854cbe
SHA25635abc3b9e39ff6282971417f3854ae00db6615c38e21b0dedb2eed5d890b60f1
SHA512b44c748bcdfdeb09c600d634a412ee9bc2a0bc64c7e9c324fa2dda15b53247b338e7dae4ec8d54d6a45e2dee51fb7366c8477162e4453945bf3fe9dc266587b1
-
Filesize
101KB
MD58bafd8d75c062bb3972d3db751a1ec22
SHA106d6cc2bc99fb12dd50b3dced21e07a1afb10b4e
SHA25685fc53bf82787a37e0b917da22df78060bebb37abd877c8d25646eef59497775
SHA512f7918d7ce624e3e165b2ebe9d64dbd2eb4ceb01a89d66414052466e90317df69aacf66d6ef169e0f72d3bc4bde22bf7240c20cc726244eb28b53c10af51a8c45
-
Filesize
101KB
MD52bc872a2711945484679aa90ecba520f
SHA1a7550bae9ad616fc7660a0b8fb480a5be2c3ccca
SHA2567869187ed975fbfe1590858a9183816b6100e6aa1d74e0539f92fe24803ff675
SHA5122b6c993aada0fb3136089dc935e8c579740aae2ea77cd3e5daea3891160b09c4303c008a6a2dd94f2b4b504c18b6987dc156517eec6c63e60eae050eee08f23c
-
Filesize
9B
MD5b6f7a6b03164d4bf8e3531a5cf721d30
SHA1a2134120d4712c7c629cdceef9de6d6e48ca13fa
SHA2563d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39
SHA5124b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63
-
Filesize
2KB
MD53ce92b699f345d772328cc041866b552
SHA179ac3b5f7ab13ae9389249642cf22cdca43065d3
SHA2563821cbf607d8cf1246f542e660bad2afc1b2fe8022650b9a482dc24b3601aa9c
SHA5121b0b19e0a26edbb2827fc3915c55500b6856246f1b1c0cd3db332ed0c7b6658277a62b8ea86ee6a4dcf8d1187dfa1ba770ccf4ec067f25f2750802f852fea8b2
-
Filesize
101KB
MD58341e9e8ab11ab54004fd8eb98f65d74
SHA1c3ac6cd53be87ed3519cd2523aafa6f4e31875ee
SHA256cdf5ae0c99f6f0df3c9c3d52653130dcf9af81880c03e6fc72c0e3ed1f6abf9f
SHA512d48a33ea7b7b6d9882424fcb9029ecfb3c6c39701dd71332444d5bf1cec66fbc6253507eedbfedc828ea7a38229dc736970600427bd3ea64efbf09aaf6bb9cd0
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
245KB
MD53e68d3affb1d07b291b402b1f8733b52
SHA1c5d817e20dcd38ef8e8902c05d8a13777b88bc03
SHA256cca66104abc7b29b365f2f5f55579348f0b5645deafbd962fc802d18c520e676
SHA512d80225bb9b61ae98d662ff3e95775e3bc3900d3820c669956a090ed076154be6a261b327cb872742aeb1d87dcc4b4fe16147b4b26394397b6bb86f3c446fccb6
-
Filesize
399KB
MD53a1261cc0bee2591e29842495e3f6aeb
SHA113187dcb0b83a6ed856317e5bee716940e811724
SHA25666436a1a34bb16464111ac1042189d99de00390235c4109ba04e3f3a2d83d467
SHA512bed901f1345725c6d627021b44451d28fc967838bf7f74388f649f4e52e67e7724ff7807da754d4a54f0da4bd40c33ba6272dd76d130c302c2706f44f58fb77d
-
Filesize
18KB
MD5f945c147a9fc387841cad1dfbf4e8d5d
SHA1c80176950df2d75d3808b068a59515b675b751b5
SHA256270624099bef280a7b918870d5f91b96e2343b7e99248d63f71060c85848fc5f
SHA5125bb2287409fd9f234bd14c0326817143ffd9cd0a81b08bffa5d51c67e742f2fd1eaf3e4cabb44f70f57fdcdac4e0b7a6ed08438b4a09d74f857263ac9fc6b942
-
Filesize
8.3MB
MD5f985bc11f5c253376832368d716887df
SHA19928845daece19eec3574663a5002b1f1ad2f1ff
SHA2567834c16dedb88808908230d77f8ccf9bc33d91e423c73fb433791b4a91ab1fec
SHA512ec5cad6935161ede888c242fd123cfd88e25485cd9f924df2688e646b70a7c55180768583dfcd6d3cb467ca9736685088ac19856dab8026ecba02d5388f4c3d9
-
Filesize
32B
MD5bbf5d2f19ba3939692408b5a55b082d5
SHA160da06b28920b0ef1f668fdeeb82e908c757e54a
SHA256318a1ed380d09ad14c444d398a37e82d610451f089c6e9d4fa8aa7fa72205471
SHA512d3154dd9168fd19016ed40711455adbcc03d1276a42399fe7daf4ece0ab9914fcfe22b9a6c558d49ac74f348d109c715263b4459ef15b71673fc4714543c0c37
-
Filesize
770KB
MD5af850a5433c3ff2e33bc4222e14800e2
SHA174baf15228a800287d13771882bb4eefab75010b
SHA256e19399997dc084d27126835a42b2e478a37223a6b2f649fe88490112bb6318ce
SHA512f3ddaa6de21bf615894f638a2ab49d60a914ce30682596f3a2c5b8337ece1657c649c527cd99ce2b7db1dd3522caa4ab43afb228e1657f6fa32eabe2188b3b25
-
Filesize
5.6MB
MD59d7304940c94412bf8b673d3eac550a9
SHA1f8ee2b630e10ea85219b5468a026e4f9fba1e6b1
SHA256962deac26d2afa9ddf08795353a743b2799bfb7d05974737b0a9f7314ab546b1
SHA512adcc520c2903c1b3afd496072a9fe80da7a309959c2a9f7538aabe69ead651076bd4b575d2af86991830aaa61ace25dc31e1141ece4fc31ec7f9e7dcebb8efb2
-
Filesize
32B
MD5d0ff045223f7a464b8e99045311adbcf
SHA14a54d4dcc976fba5f621b0fb228f2a1b3d78e5fe
SHA256456d61d9bccba69af0073dd2f83ea3d85189570e8d5f4a61da417e985e397353
SHA512579f055753e634e5ea66c844689ea9a5d993f495cb6b70e1fa3aad9a1edfdcf615f8a21c9f635a1224cab1edefbec485dcbc2745135c67b74081e398fe023b69
-
Filesize
32B
MD546300d15f2888e56873e3635a808bf3b
SHA125c3a21bba8c2222561a4f29d19490ffd908a159
SHA256a920f077ba2a9715802a3a8d83ffecd7fa1f8025a4459bb8db1a739e2f712fbc
SHA512a98ba740817a6d9613062b870c86e616194911ccc653da55dfcef5d5e2a384dc0edde197b3ad50ab7bf8cf3f88dd23ee3187f94cf63ca86a8f441733ae214a92
-
Filesize
32B
MD5adf45d21ee156877a30f4680b6a742fa
SHA1a7b9b151e087041f6bba5a8539ed26d4c5b6a373
SHA256f22a08394a54e58276d9ad87de2b0ad691c70774771b0e5876e5f8854bb3d594
SHA512516bb29019971a72b995c53cbcf65eeaf5dd233568252cf0a287048500eaf113944f6d9c2ebf39490d30df7a8f776b0bba07807d3d4f385b8c75b52e5663fb7b
-
Filesize
32B
MD5bfe1320798a188eeaec082af4acf9fd7
SHA121805830b677338ea49d82bb435d8067ca51a31c
SHA256cfabb03e491637c2fec910db0194dbd3e7e3123affee2375629268634d3503d2
SHA512dd1b64fecc103ed290cbdb7254872860cdafbb67b975eea88c094e686313572afbdd13fbab5a7d7b5ee23654c4fddab080af4be9b369771e9b0d8888d283d531
-
Filesize
499KB
MD50e170e693a13fcf60a3cd246a24e8822
SHA161829794e5d968c3c1c106953002c2851e1a992c
SHA2566a5f84c751142ecf5bfca2bfcdd00f472fe03eda81125f4561fd7abe4e82ef86
SHA512de97f1e6d1b1675dbced1c35f4916e74fbe7e28f049a3c6854a6ed1c74cd834a1a83e4642450f46f9a7da85ac70c4ebbcd42db55f3ef530c76cc76c714c4bd2a
-
Filesize
1.4MB
MD5cd10f317d54a8ba35e5ce85ba3b60220
SHA1f1c33ddb09b0b30fb99917d2d9b8b0346fc20373
SHA256ee05132599596b99f595b0ecf7783e7e119d5d03519b12fe9f3dbf5deef6fab4
SHA512e9e56ce0b9a61283c18acaedbe22cf068a3b078e0836e3c0c2ed75d1a3e9199d834bf107321418c587cd235570b2ff48f0f04763d1ade475fb1a97255b2c479f
-
Filesize
508KB
MD5e2a0334684b05bf05a953b80a4832d20
SHA1d29dec0042c65ac02c411e4caed37a5e1aa84d5b
SHA2567dedb34158f800166567887c7a007a85eca0be379d20d51da3230f66c6b094c0
SHA5120d486947d1c87ee632930afb49dae1061bee5b271e16a419c9e37a92c7083509de3e8980a73f8a9f2724421612f2cb9d33ea4156ab5c3afa34e4a98fed84ea92
-
Filesize
129B
MD596d15c4f3db04429631866751a1d2890
SHA161066ffead2b6859e4d3fd497a78b05343ccf25e
SHA256e8d31c1de790f738ef75daa0402584560a0672402d0d3ded0899d2dbc95fb911
SHA5122e5c94e2d92eadd28f604ed1f04d6e2dc9d9a4ffb3c2270e9d19792ad41c0c536260616a17b433f4f2bc57b31b116ffa06eefb61955b98029f15593db4122189
-
Filesize
36B
MD5f4c2784aa289f17d144a589751c7980d
SHA1b414dd690863acf3614c25c911697f1b16c24c62
SHA256e6e827f81840ce8975cd5e30467ddc1661c3f407cd9d342d00800f32c01dcc26
SHA5123f3f8f8ae91d679745189722c88d97d19e8728ce3289deda2e89a79061ad06d0a627a9783a9ef2a833f6a7843d882bebdae77d178f3d810b581093b299f2b70e
-
Filesize
2.6MB
MD5c86511990365ac18cfb527e41a6f7eac
SHA1d5119c749ba9c4f4a91120381cae151ce8cb82ad
SHA256eb247a43d0cfd0662559f1e3a2bb6656a6b7d465c8d404d5a3ea090daad78196
SHA512d76df94f69421921a04f768b04120cef09db6e6f8d8a930033893766444029c0be9c86250e49e9ea11c6d804cd16f4676ab0be860486d22f4992a65deaf30df5
-
Filesize
155B
MD5758591d297b16ee7b5127f2fe3e67a27
SHA1d782a572579a9f52e31bef5377997c7f9be28790
SHA2562c6224951714e685114b51c4e598c2bad8c7bc16975f7401ac51e101afcab837
SHA512808f47903ee90c68939aca97ca06b1523bc5355d7de6c1b3ec14d0cd560b3bf77abe7c429964176711b91bf6a9bb2a1a9fe22206daa465ff2ec55e55ccc2eff3
-
Filesize
34B
MD53a0a7d7823833be6e8af5ab1af295139
SHA11895dea63fb05e7e6f90e052936de086874c4c75
SHA256a5f15ba3b16384b584780f2bbb0ef3e7fd49ccabd0b9ca10437882f65f49c7f2
SHA5120d1377acaf8c5062e4ed7b3ad3fe0fbae594b6ce234aa9339471a31c63d6ea768c6cb2ca24820fc7726282c7fbbd41da29242cd3c288d7a0e8cc6b7e49c9835d
-
Filesize
730B
MD53266bd308834ee8d251433b44ee0a48d
SHA1c271fbb539824ff577752d2f82b1b498a9ac91b7
SHA256a773cf585925921309cc117e59ee87c56ae7e9f7e7532b4fb153e4ac72dac76e
SHA512edcba4498e553b4e6d9eb28b7c29e880b04ab531435c50685d638769ac5ae74c6e3de8c02ecdcb385d05f347b27f2e1e6bab72ff45a16642013b28b44fe85321
-
Filesize
2.5MB
MD5bb8bdc561394c4ecfd2158d228da62b5
SHA134b46f4978ce08acf9c2218c22e8f2bf0d24a745
SHA256ae283b45d858cb916f27b724db05049aceb424e049cd8c8a9b145547299f03c6
SHA5128d02b3957c3efa279dccbd7aa521c372b03fd2afc2699f29bc178caaec8414baf0405987b5673b8d8e29c94bf962b08b36424ad08d0399b02b4319f5e7c5467e
-
Filesize
9KB
MD5acfe51999ce2e2361e5f13e9b4fed750
SHA182be366bea26ca1eef8c35ca2f26a9baab8551e8
SHA2566db99180a45cb0116807a7d83702651468a1982596a0187d2fd8b9fb9e3623e8
SHA5125494f6b520767372f67b3f98c2aa80b35a53c8f7167a80f2b9d9908045ff412e5348f9f69eccaabe14433c2ac5ae826dac4cf71d3681b8c120c763f34d62f07d
-
Filesize
9KB
MD55eb63b027646873e5c3c0ffa1a6e3ec0
SHA168f8e83c8d97ed0460ecb9d70a1bf9f25cd7b859
SHA256b26fad351307301bff6f8632f3612a90f00cf9e4bd5636abad7a9f84a788cf8e
SHA5126182ad2d3657664e5d39fa8191468e0594b7a79c543e71e63414ce9cc5f6f95e25204375af3583596d774e6f3d0aa0c0ad915b3f806cf68a05f81fa9c1db951a
-
Filesize
11KB
MD52ca070a7ed7d91b6baf38979d8e76cd2
SHA1ea689a87c8fe6f111bcf7b346d93e4e9c1d95dd5
SHA256798db29b0bf9fa369806ad5f9bd48d1b2f32c2792c143724d050771cd374b16c
SHA512d7c7136d8a0eb96ee9eba56404bf17ad67860cdbddc4668f29c7a66444f8f19f348b5e21b9fa278da88a0bd4b7f91c2ec0d0b7dc287cecee72a63d5af8fe4268
-
Filesize
8KB
MD5a3caadd2145dca3c6ba88ee5db14f53c
SHA11d6ca8db89092655be13dcbdd71abca63cbe6d76
SHA25665e22f722245db258c88750c1a5e3ff31d1ea0831ad0a3e6489885e7c3d6ad6d
SHA512e4c1b1d4b77e9eef9ec3821e59324e839baece4f759fabbad2bd4f270acb858b2c0a14b2ae28e56aa1212ff75ca07cc100ccd70c24d58ed49a1d392ec4a3c78b
-
Filesize
9KB
MD579303484d4afa7e4f89286ca3fd4841f
SHA19eff33b428a6e8d9f98631932815a98b248bb78e
SHA256ed7a5d941e172e91f8f2648dcc7927c3fc6fa4bb8c51723ed880573a404b5789
SHA5122d5e51fc37dcda52bde4a5f360a97714faa4acf25903bbf0f71646c36e73566ffbf02a74ec63208e88df22343d4090d5d0fa49250b3b6c918de165355dfaa454
-
Filesize
9KB
MD57b9baeef229a87c12b73f29e8b598db6
SHA1dd2a247054248d2466885f63e821e2cc01c0f6f9
SHA2567168899eab467f9da09a0ca8090ae2ebcc98798ce943438afbbf4d4ef947c9c5
SHA512b6a7e398855c16c7d39ad00bd93422fbc8af18316cf107d94967a2295ddba22dbf3e0905fbd7f328d4345f4e9e0a6c0d3c5b84ddfa91660499bd2539be7a12e6
-
Filesize
9KB
MD5a23d96ca0e8babdd67e6768baa6c7158
SHA1e879bf1a86f0b9d2fa92f0d2f57771bdb1164eb5
SHA256b00d62241bad1f33fc6710468910c2a789e640f99be5361f5ca351893b133761
SHA512eb6e90396374c9bd94c60a6ae69c8d1aba056ced80a9e65302cb60075b92041608668c54f27d186ad1b21d66eb65844f43282e6439801350414296546a8f6c0d
-
Filesize
9KB
MD5a5014bcd27fb8bf46992454145fa82bf
SHA10b593e1631f8889bff3843d104eac2e471fc5239
SHA256b6747c96bf9d2fd280ccbfe4c8f11502f293eb82f93499135cac5d8ef85750ff
SHA5125f9136601e04715271f121258ae603a91bb63acb1a46e065e0a44a96aa61c5c09f8afa0cfb4ed88e77a3e4473ec2e5710af32561deb22c503bf76f59a4bb2c5c
-
Filesize
10KB
MD52ac9c41e7be72ada13001c20a3022802
SHA110a7b72ec6ceccff31e2cee5248bbc03c542631f
SHA25606ec42448bfdbf8d63766bbe8fd8294a2d899b72d017ed1472660d2e28b3721d
SHA5120cb97c2231df29b4de7f9835d1ab0a3e41225a38b846668976b5968c50bae2ca2ca3997b1fd27426976135bd3ed1069fa288527513c4fb6cb24c502d22daf6a6
-
Filesize
9KB
MD5aa4f830df7541223c25856a2d28b2e17
SHA1e0aa7bdb69b0096166998ac3684dbded63ceb872
SHA2568b3d7909a22d6de96eff2c7880806aa2c60b69d304441d78f62976d023ebddd2
SHA51229cafa55463461e0608fabf1e61638c73b78cfba563b608225d53ceb7898a24309a3e0ecd635ed4391e287cc096f3ea49fed7fb5ac38d291348348034ea33fe0
-
Filesize
94KB
MD572dc57d6b0b7a541bbc8f4bed42ba48a
SHA18f1269f8351cc6db6f624d5f4bbd2881ad65a15a
SHA256075e253101ba416a8a3b572e08ca5c371a8cd27cf473be319e7cc88982523a00
SHA512e198e144ec1043ca1206f65af5c2b46bc8ef4a957c51b89b3d5f74f72f7b1d4d7e2ba765e6e28cead62a4dfe5cce571961366e821504ebab687eea50b7c3c26d
-
Filesize
9KB
MD55cc6bfd1f84adcbb9545f57514e2917e
SHA1d7f94e0049904f5022b2501d3b3592838f74f3c8
SHA25687f0694ad48968ca5f635af0b2176a1fa07bb0912e74878a525f5c0ac11e75f5
SHA512b3c236062502b0279a9e337acaf20dca6607c2b0260547b44a0ff6a66a7a40cfa93556f085eafa84247f91f0ae2324d4e32aeb028c45a4865f195ced98a6672f
-
Filesize
9KB
MD55658cacf2c22f48391c1828f6f159e68
SHA1e647906f1fb69bc457eacc1e914edf6e1d71acc2
SHA2569ac366095f3947e930695fc5936c3db350edcfc3d2a1bebac27fed60a3113120
SHA512e08e735b0df8e4b4985fab3084d5be9d5abe6e8215c5a60002b9080112fec8ecf137246d5e0fb39a9e38af27a7a8ac9e5d0d5e927240f8973ce54da3420e1a6d
-
Filesize
9KB
MD56aeff62b201b5177138456d25bace1c4
SHA149ad9fc51c2516062c8b7316a1d4cd37f610f9d7
SHA256a35bb6141e50e60abaee7c5735c3e721eff4449b0afe25737ad13fab0a66f5eb
SHA512d34e4fdbd456bb8687e7e722cd99353adc67e36a5005a86e3b1bc7255ce42b8967845310fec71f3405f6844b035c171996e844374c3ad47e035fdcfc622b5a5c
-
Filesize
9KB
MD598b822769db8924bd6691452e869cd6b
SHA1132987e08da247718cf36df8070f921d2e3bde59
SHA2564ae43bada5e18aeaf311d5dddc3dc9711a4ad1a7091a88272a4b68d9fb063528
SHA5125149efd86f82250ca5a1fe5a39c1143ec34466dd59358cc9a13924e072e2549bf541675cee44d2784cfd6c737263369929fbc24372fdbba91fd1141a8cfebe24
-
Filesize
9KB
MD5981c60313dd23358f54b11ae8152c7ee
SHA1231393e872bec01b7720d035a44168d0f8ee6589
SHA25691b2199f6e647c9e856a52f8873e4e498c024a4fc93b9ad04fbc8ed331e6cd4a
SHA512c0dc0f66c7a9958356b794eb3097e4866a3a2ca906aae96d27cecf263667e36edcfac111d3dbdf94849e58e648b2c64b9cb27d66861cdc60bca5fb6cb53df735
-
Filesize
11KB
MD54743451ffc9d429770d4a4e051558627
SHA1f9df9f5695764ac6ce8790b4b589af790a4280cf
SHA2560883c4138419e4a15fe4821be95ed408b13ddfc3ab245cee15c572ad9b4296ed
SHA5124368dfa61e80fa9a358189da7aa74b4d9d5c9ce100a25011620c0988719a18cde4c3c34f946c939c5ba5a41be20b8bbc2227d31aab07a322d20424c2e3c460a5
-
Filesize
9KB
MD52242b3ed175f47c015fe9520d1226698
SHA1baab2629196987f355743eb1ba76ddc93913617a
SHA256aad84dd6a41125f046647e0ad66bd7a783f7eec9f14f2522601c5b36b739fba6
SHA512dca52df895ca92efba0af47961b6f1acc57f9813fe4b3ae9f35285b664b56989e9421f218c08f35ced05063039e7b3e7d57bc84e850c08e7dfba3aee4b3e13e3
-
Filesize
13KB
MD5c3a4a5cec283fc18f180d09c594c9de7
SHA11d8f2164bb6852eecb8e0edbd3463165ba349344
SHA25665e8f499c6989ab449ad88bc9d5a1b42b5c8cdf3cea4e11e4cb9d9184ececd6b
SHA5129234064a489fa1d17909d7aa3d619a4daff2894ba6167b0d9b48568818e03c55599c46c6f9c70765df8a4da0dbc40a4f03132eef973ee1e9886799e86be5a679
-
Filesize
9KB
MD5c672b9fc2c06a13858cd470bb86ab975
SHA1ff79f99879bfdeee968872bf261ef71e6c693bb8
SHA256e207a98a17715be9fbc394204fb1051e56395941c8dbc7c380974582c857ef6a
SHA512bba717b06b564cba62e258f30dbe58e287f8bcb65befcbea8d91a76fb435f4c66946f460df6a88a8abe46465e9744c278119f9072b2285722d4ecee3c8f02a59
-
Filesize
9KB
MD55a92744a7684d91f58df4840c172cc7a
SHA1e2a3e60b179b4d24d4c5621c204d1c94a0372ae0
SHA256c0c93c0e92196ec057e62f46c0cf4f9e95fb9d70fed441f2c570c77f3e5ef982
SHA51204e406bd9ce1f06d003692bb6f2e916fe67f939e8f25ca28e79cd298364ff595e583a476068c16cef51c9a294c3f0ff4dff4fd6aa8698ee32599d85f3cf44cfa
-
Filesize
8KB
MD56d14e1148f4796cfa3348078dddf34a2
SHA17dd9e51bcafdb03d6f55ba87e721df090d6cd25a
SHA2567cd71327d7bce991959986d56dcd0e1ac21914fa467b1e4c259ab3635436788e
SHA512e2dde1930c5b2128a94a5311eab159b8a3012ad56f1e48de49e7f34e149c2c6ccca913906510419a92f33e9a7104d6b6d9d4a479ed4411e8948035b06f2d7825
-
Filesize
4.6MB
MD5258e030e1961923617df3d6ee6dc1e5c
SHA1fea5a96214480383fa1aa5ff674ad3febd45aee3
SHA2563eeebdf2a76db3ad7fe70fd72ff2badf495767f0e75d8fb2c3210fb8b541a2a6
SHA5129269f481a52df490539f65cb71dbb5c582ee7d446c5b5af38146c210b2870bde6a12bfa9df0f3ea9376e14bacd3c5d3b9b42dfdd1904e9bff835c117d97a88c1
-
Filesize
276KB
MD502976926dbd2950c19ce250688b210b4
SHA170edee2b167e2c4d21f0816d353d06a562aeea53
SHA25603a9116627f80d4c1ae1c42d341ec5714b0b5c90f6d9defecc1213b5f885c437
SHA5121d098c89b9849b77e67ea480a588ca4af72bd4301733704f5592311d9d897e195017cc34ab965420bd29aa9b771ab6428de036931e31156cab6d6d736c11c554
-
Filesize
79B
MD518e8266414333217c3ee3890f08f2b0e
SHA1522f2dd954cfc578eab7ab130767a106eefeeb08
SHA256ef8c5889b95e2aa2f1369598d8b0c65ccf7b04579821983a6286d686b2c84dd6
SHA5125ed43c1fc64c67d41403b2b3c0bce64aa68415ff0583a354a9802af56e4a16a1761b3f73afc51539c132aec7247d1ce932430411c939b0756510b4905bded0b8
-
Filesize
5.6MB
MD578f76b6be4fad6675e1143183d15ab3b
SHA1665f96cf8e99cf5ff5cd17c37c3c849cbc02c708
SHA25650930b96f2c678175df548597dcfd4e386ff62c6510b80a5ecf84888818b73a6
SHA51275d1046705ebeba4c3873e91b7217dc59b3cec8f97f59f5deff1bcb6007d5e335f842dcb46a090ff06b3a38c6189bac5381a2ea8122640aea5d50804a6cfdfff
-
Filesize
5.6MB
MD52fc7df1d2f814c097bfa3027e7293da1
SHA177718fbd1060b9759266914969829c1b9dc3f257
SHA2561fa49e02ca28b73521e03d647af22080c1818fcd54b87952cdc48bacd367a4e9
SHA5121cc3e99d13debf9603f7761a8fc5e3d764e94a14d27ec454f02572618c24403f409ab1e8b61169dd43f7aa680007988297a2d5ce25af29ab786b1fc5b06e8380
-
Filesize
756KB
MD5c7dcd585b7e8b046f209052bcd6dd84b
SHA1604dcfae9eed4f65c80a4a39454db409291e08fa
SHA2560e8336ed51fe4551ced7d9aa5ce2dde945df8a0cc4e7c60199c24dd1cf7ccd48
SHA512c5ba102b12d2c685312d7dc8d58d98891b73243f56a8491ea7c41c2edaaad44ad90b8bc0748dbd8c84e92e9ae9bbd0b0157265ebe35fb9b63668c57d0e1ed5f2
-
Filesize
145.7MB
MD5fcaee03e375ed88f91eaea1625d8981f
SHA13d8ced50c9e170316b68167cf333cd0fc7d7a4ea
SHA256607ac4ec08217b0ce99e1e5f9b3798b7952ad913c2d58eea4c1595f19ec8f441
SHA512c53196ea49136d25df9e1a0ac506ad060c1f0419e832b0dfaad434db4688d6202e9f45ee12056933d7868217c6e06474b4033255a74699f3728c00a5110a6c6e