Malware Analysis Report

2024-10-19 08:01

Sample ID 240415-pjgs2sge61
Target http://web.archive.org
Tags
darkcomet discovery evasion rat trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://web.archive.org was found to be: Known bad.

Malicious Activity Summary

darkcomet discovery evasion rat trojan

Darkcomet

Sets file to hidden

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-15 12:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-15 12:21

Reported

2024-04-15 12:51

Platform

win10v2004-20240226-en

Max time kernel

144s

Max time network

641s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org

Signatures

Darkcomet

trojan rat darkcomet

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Bitdefender Agent\27.0.1.266\lang\vi-VN\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\failed.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon_warning_slow_connection.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\network-error.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\ui\ltr C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\bdnc.ini C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\it-IT C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\b-icon.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\load_big.png C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\settings\LoggerConfig.xml C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-win.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icon-warn.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\bdch_bdec.ini C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\tr-TR C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-gg.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\check-large.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pt-BR\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ro-RO\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\bitdefender-logo.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\log.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\load-medium.png C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\icon-safe.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266 C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\es-ES\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\settings\UPNPDescr.xml C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\html\Agent\login2_loading.html C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\bitdefender-logo.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-warning.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\icon_informative.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\lang\es-ES\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\field-error.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\load-medium.png C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\bitdefender_logo.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\fr-FR C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\slider.png C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\bdui_progress_fgr.png C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\sv-SE C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgent.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\html\Agent\login2_error.html C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\close_hover.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\loader.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\icon_quest.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\icon-warn.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\iservconfig.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\en-US\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ru-RU\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\btn-close.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\b-icon-popup.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\feedback_hover.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\critical_fixups32.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\lang\cs-CZ\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pt-PT\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\logo-shadow.png C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\open.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\lang\it-IT\productagentui.txtui C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentDP.dll C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File created C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\logo-w.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\down-arrow.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\x64\FixSfp64.exe C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A
File opened for modification C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-warning.svg C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{AA7F2615-47BD-42A7-A0A4-17EDAB39076C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5168 wrote to memory of 5508 N/A C:\Users\Admin\Downloads\bitdefender_tsecurity.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
PID 5532 wrote to memory of 5696 N/A C:\Users\Admin\Downloads\bitdefender_tsecurity.exe C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe
PID 5508 wrote to memory of 5800 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
PID 5696 wrote to memory of 5820 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe
PID 5820 wrote to memory of 5952 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe
PID 5828 wrote to memory of 6068 N/A C:\Users\Admin\Downloads\bitdefender_tsecurity.exe C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe
PID 5800 wrote to memory of 6076 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
PID 6068 wrote to memory of 5164 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe
PID 5164 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe
PID 1252 wrote to memory of 6404 N/A C:\Users\Admin\Downloads\bitdefender_tsecurity.exe C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe
PID 5124 wrote to memory of 6512 N/A C:\Users\Admin\Downloads\bitdefender_tsecurity.exe C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe
PID 5820 wrote to memory of 6756 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe
PID 5800 wrote to memory of 6732 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
PID 5164 wrote to memory of 6896 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe
PID 6512 wrote to memory of 6920 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe
PID 6404 wrote to memory of 6928 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe
PID 6920 wrote to memory of 7052 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe
PID 6928 wrote to memory of 7076 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe
PID 6928 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe
PID 6920 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3640 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4144 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5332 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5512 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4332 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\9458133a422e416f9f9c4bee2adae15a /t 2308 /p 3012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4732 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5692 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4984 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6140 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5096 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5824 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6124 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6296 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6104 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6112 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6648 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6816 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6380 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7012 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5564 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=5464 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6364 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7028 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=7436 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=7392 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=7024 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=7380 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=7524 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7904 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=7864 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7320 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=8144 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8448 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8592 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe"

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe"

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\Downloads\bitdefender_tsecurity.exe

"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe"

C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe

"C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe"

C:\Program Files\Bitdefender Agent\ProductAgentService.exe

"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect

C:\Program Files\Bitdefender Agent\redline\bdredline.exe

"C:\Program Files\Bitdefender Agent\redline\bdredline.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Bitdefender Agent\ProductAgentService.exe

"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install

C:\Program Files\Bitdefender Agent\ProductAgentService.exe

"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable

C:\Program Files\Bitdefender Agent\ProductAgentService.exe

"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"

C:\Program Files\Bitdefender Agent\ProductAgentService.exe

"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"

C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe

"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"

C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe

"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ffadb592e98,0x7ffadb592ea4,0x7ffadb592eb0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2232 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2652 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2672 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4552 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4756 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files\Bitdefender Agent\ProductAgentService.exe

"ProductAgentService.exe" login_silent

C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe

"C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4888 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5004 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5296 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5492 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5868 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5392 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6196 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4628 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6464 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6508 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4560 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6760 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5312 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2120 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6920 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6024 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3712 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6560 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6308 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6448 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7304 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7352 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7392 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8028 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6028 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\Downloads\Blackkomet.exe

"C:\Users\Admin\Downloads\Blackkomet.exe"

C:\Users\Admin\Downloads\Blackkomet.exe

"C:\Users\Admin\Downloads\Blackkomet.exe"

C:\Users\Admin\Downloads\Blackkomet.exe

"C:\Users\Admin\Downloads\Blackkomet.exe"

C:\Users\Admin\Downloads\Blackkomet.exe

"C:\Users\Admin\Downloads\Blackkomet.exe"

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Users\Admin\Downloads" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe

"C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe" install

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8592 -ip 8592

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 356

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2e0,0x7ffadb592e98,0x7ffadb592ea4,0x7ffadb592eb0

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3060 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3188 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3312 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4320 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4644 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4920 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4996 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4920 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5432 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5896 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4596 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h

C:\Windows\SysWOW64\attrib.exe

attrib "C:\Windows\SysWOW64\Windupdt" +s +h

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\Windupdt\winupdate.exe

"C:\Windows\system32\Windupdt\winupdate.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Windows\SysWOW64\notepad.exe

notepad

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5404 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5300 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5892 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6300 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5480 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6676 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6936 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 13724 -ip 13724

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 13724 -s 416

Network

Country Destination Domain Proto
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 20.162.145.158:443 app-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 158.145.162.20.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 8.8.8.8:53 10.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 upgrade.bitdefender.com udp
US 104.18.168.222:80 upgrade.bitdefender.com tcp
US 8.8.8.8:53 222.168.18.104.in-addr.arpa udp
US 8.8.8.8:53 nimbus.bitdefender.net udp
US 34.120.67.236:443 nimbus.bitdefender.net tcp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 34.120.68.241:443 eu.nimbus.bitdefender.net tcp
US 35.190.56.82:443 elb-iow-gcp.nimbus.bitdefender.net tcp
US 8.8.8.8:53 236.67.120.34.in-addr.arpa udp
US 34.120.68.241:443 eu.nimbus.bitdefender.net tcp
US 35.190.56.82:443 elb-iow-gcp.nimbus.bitdefender.net tcp
US 34.120.68.241:443 eu.nimbus.bitdefender.net tcp
US 35.190.56.82:443 elb-iow-gcp.nimbus.bitdefender.net tcp
US 8.8.8.8:53 227.211.149.34.in-addr.arpa udp
US 8.8.8.8:53 241.68.120.34.in-addr.arpa udp
US 8.8.8.8:53 82.56.190.35.in-addr.arpa udp
NL 23.62.61.104:443 www.bing.com udp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 104.18.32.137:443 privacyportal-de.onetrust.com tcp
US 216.239.32.181:443 analytics.google.com udp
US 8.8.8.8:53 104.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
GB 142.250.178.3:443 update.googleapis.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.200.33:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 nimbus.bitdefender.net udp
US 34.120.67.236:443 nimbus.bitdefender.net tcp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 34.120.68.241:443 eu.nimbus.bitdefender.net tcp
US 35.190.56.82:443 elb-iow-gcp.nimbus.bitdefender.net tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 34.120.68.241:443 eu.nimbus.bitdefender.net tcp
US 35.190.56.82:443 elb-iow-gcp.nimbus.bitdefender.net tcp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 34.120.68.241:443 eu.nimbus.bitdefender.net tcp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 34.149.211.227:443 mclb-gcp.nimbus.bitdefender.net tcp
US 8.8.8.8:53 download.bitdefender.com udp
US 192.229.220.142:443 download.bitdefender.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 23.73.139.50:443 bzib.nelreports.net tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
NL 23.62.61.59:443 www.bing.com udp
NL 23.62.61.59:443 www.bing.com tcp
US 8.8.8.8:53 59.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.123:443 r.bing.com udp
NL 23.62.61.123:443 r.bing.com udp
NL 23.62.61.106:443 th.bing.com udp
NL 23.62.61.106:443 th.bing.com udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 123.61.62.23.in-addr.arpa udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.109.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 sploit-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 sploit-edge.smartscreen.microsoft.com udp
GB 20.58.112.186:443 sploit-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 dl-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 telem-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
GB 20.58.112.186:443 app-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.5:443 aefd.nelreports.net udp
US 2.17.251.5:443 aefd.nelreports.net tcp
US 8.8.8.8:53 5.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 104.109.143.23:443 bzib.nelreports.net tcp
US 8.8.8.8:53 23.143.109.104.in-addr.arpa udp
NL 23.62.61.138:443 www.bing.com udp
NL 23.62.61.138:443 www.bing.com tcp
US 8.8.8.8:53 138.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.193:443 th.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 23.62.61.114:443 r.bing.com udp
NL 23.62.61.114:443 r.bing.com udp
NL 23.62.61.193:443 th.bing.com udp
US 8.8.8.8:53 193.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 114.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 dl-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
NL 23.62.61.162:443 www.bing.com tcp
US 8.8.8.8:53 162.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
NL 23.62.61.56:443 www.bing.com tcp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 dl-edge.smartscreen.microsoft.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe

MD5 3e68d3affb1d07b291b402b1f8733b52
SHA1 c5d817e20dcd38ef8e8902c05d8a13777b88bc03
SHA256 cca66104abc7b29b365f2f5f55579348f0b5645deafbd962fc802d18c520e676
SHA512 d80225bb9b61ae98d662ff3e95775e3bc3900d3820c669956a090ed076154be6a261b327cb872742aeb1d87dcc4b4fe16147b4b26394397b6bb86f3c446fccb6

C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe

MD5 3a1261cc0bee2591e29842495e3f6aeb
SHA1 13187dcb0b83a6ed856317e5bee716940e811724
SHA256 66436a1a34bb16464111ac1042189d99de00390235c4109ba04e3f3a2d83d467
SHA512 bed901f1345725c6d627021b44451d28fc967838bf7f74388f649f4e52e67e7724ff7807da754d4a54f0da4bd40c33ba6272dd76d130c302c2706f44f58fb77d

C:\Users\Admin\AppData\Local\Temp\RarSFX1\deploy.dll

MD5 f945c147a9fc387841cad1dfbf4e8d5d
SHA1 c80176950df2d75d3808b068a59515b675b751b5
SHA256 270624099bef280a7b918870d5f91b96e2343b7e99248d63f71060c85848fc5f
SHA512 5bb2287409fd9f234bd14c0326817143ffd9cd0a81b08bffa5d51c67e742f2fd1eaf3e4cabb44f70f57fdcdac4e0b7a6ed08438b4a09d74f857263ac9fc6b942

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\agentpackage.exe

MD5 f985bc11f5c253376832368d716887df
SHA1 9928845daece19eec3574663a5002b1f1ad2f1ff
SHA256 7834c16dedb88808908230d77f8ccf9bc33d91e423c73fb433791b4a91ab1fec
SHA512 ec5cad6935161ede888c242fd123cfd88e25485cd9f924df2688e646b70a7c55180768583dfcd6d3cb467ca9736685088ac19856dab8026ecba02d5388f4c3d9

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe.md5

MD5 d0ff045223f7a464b8e99045311adbcf
SHA1 4a54d4dcc976fba5f621b0fb228f2a1b3d78e5fe
SHA256 456d61d9bccba69af0073dd2f83ea3d85189570e8d5f4a61da417e985e397353
SHA512 579f055753e634e5ea66c844689ea9a5d993f495cb6b70e1fa3aad9a1edfdcf615f8a21c9f635a1224cab1edefbec485dcbc2745135c67b74081e398fe023b69

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\agentpackage.exe.md5

MD5 bbf5d2f19ba3939692408b5a55b082d5
SHA1 60da06b28920b0ef1f668fdeeb82e908c757e54a
SHA256 318a1ed380d09ad14c444d398a37e82d610451f089c6e9d4fa8aa7fa72205471
SHA512 d3154dd9168fd19016ed40711455adbcc03d1276a42399fe7daf4ece0ab9914fcfe22b9a6c558d49ac74f348d109c715263b4459ef15b71673fc4714543c0c37

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe

MD5 9d7304940c94412bf8b673d3eac550a9
SHA1 f8ee2b630e10ea85219b5468a026e4f9fba1e6b1
SHA256 962deac26d2afa9ddf08795353a743b2799bfb7d05974737b0a9f7314ab546b1
SHA512 adcc520c2903c1b3afd496072a9fe80da7a309959c2a9f7538aabe69ead651076bd4b575d2af86991830aaa61ace25dc31e1141ece4fc31ec7f9e7dcebb8efb2

C:\Users\Admin\AppData\Local\Temp\RarSFX2\deploy.dll.md5

MD5 bfe1320798a188eeaec082af4acf9fd7
SHA1 21805830b677338ea49d82bb435d8067ca51a31c
SHA256 cfabb03e491637c2fec910db0194dbd3e7e3123affee2375629268634d3503d2
SHA512 dd1b64fecc103ed290cbdb7254872860cdafbb67b975eea88c094e686313572afbdd13fbab5a7d7b5ee23654c4fddab080af4be9b369771e9b0d8888d283d531

C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe.md5

MD5 adf45d21ee156877a30f4680b6a742fa
SHA1 a7b9b151e087041f6bba5a8539ed26d4c5b6a373
SHA256 f22a08394a54e58276d9ad87de2b0ad691c70774771b0e5876e5f8854bb3d594
SHA512 516bb29019971a72b995c53cbcf65eeaf5dd233568252cf0a287048500eaf113944f6d9c2ebf39490d30df7a8f776b0bba07807d3d4f385b8c75b52e5663fb7b

C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe.md5

MD5 46300d15f2888e56873e3635a808bf3b
SHA1 25c3a21bba8c2222561a4f29d19490ffd908a159
SHA256 a920f077ba2a9715802a3a8d83ffecd7fa1f8025a4459bb8db1a739e2f712fbc
SHA512 a98ba740817a6d9613062b870c86e616194911ccc653da55dfcef5d5e2a384dc0edde197b3ad50ab7bf8cf3f88dd23ee3187f94cf63ca86a8f441733ae214a92

C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe

MD5 78f76b6be4fad6675e1143183d15ab3b
SHA1 665f96cf8e99cf5ff5cd17c37c3c849cbc02c708
SHA256 50930b96f2c678175df548597dcfd4e386ff62c6510b80a5ecf84888818b73a6
SHA512 75d1046705ebeba4c3873e91b7217dc59b3cec8f97f59f5deff1bcb6007d5e335f842dcb46a090ff06b3a38c6189bac5381a2ea8122640aea5d50804a6cfdfff

C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe

MD5 2fc7df1d2f814c097bfa3027e7293da1
SHA1 77718fbd1060b9759266914969829c1b9dc3f257
SHA256 1fa49e02ca28b73521e03d647af22080c1818fcd54b87952cdc48bacd367a4e9
SHA512 1cc3e99d13debf9603f7761a8fc5e3d764e94a14d27ec454f02572618c24403f409ab1e8b61169dd43f7aa680007988297a2d5ce25af29ab786b1fc5b06e8380

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\additional.dll

MD5 cd10f317d54a8ba35e5ce85ba3b60220
SHA1 f1c33ddb09b0b30fb99917d2d9b8b0346fc20373
SHA256 ee05132599596b99f595b0ecf7783e7e119d5d03519b12fe9f3dbf5deef6fab4
SHA512 e9e56ce0b9a61283c18acaedbe22cf068a3b078e0836e3c0c2ed75d1a3e9199d834bf107321418c587cd235570b2ff48f0f04763d1ade475fb1a97255b2c479f

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.client_id

MD5 f4c2784aa289f17d144a589751c7980d
SHA1 b414dd690863acf3614c25c911697f1b16c24c62
SHA256 e6e827f81840ce8975cd5e30467ddc1661c3f407cd9d342d00800f32c01dcc26
SHA512 3f3f8f8ae91d679745189722c88d97d19e8728ce3289deda2e89a79061ad06d0a627a9783a9ef2a833f6a7843d882bebdae77d178f3d810b581093b299f2b70e

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdredline.bdch.json

MD5 3266bd308834ee8d251433b44ee0a48d
SHA1 c271fbb539824ff577752d2f82b1b498a9ac91b7
SHA256 a773cf585925921309cc117e59ee87c56ae7e9f7e7532b4fb153e4ac72dac76e
SHA512 edcba4498e553b4e6d9eb28b7c29e880b04ab531435c50685d638769ac5ae74c6e3de8c02ecdcb385d05f347b27f2e1e6bab72ff45a16642013b28b44fe85321

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.ini.md5

MD5 3a0a7d7823833be6e8af5ab1af295139
SHA1 1895dea63fb05e7e6f90e052936de086874c4c75
SHA256 a5f15ba3b16384b584780f2bbb0ef3e7fd49ccabd0b9ca10437882f65f49c7f2
SHA512 0d1377acaf8c5062e4ed7b3ad3fe0fbae594b6ce234aa9339471a31c63d6ea768c6cb2ca24820fc7726282c7fbbd41da29242cd3c288d7a0e8cc6b7e49c9835d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdredline.exe

MD5 bb8bdc561394c4ecfd2158d228da62b5
SHA1 34b46f4978ce08acf9c2218c22e8f2bf0d24a745
SHA256 ae283b45d858cb916f27b724db05049aceb424e049cd8c8a9b145547299f03c6
SHA512 8d02b3957c3efa279dccbd7aa521c372b03fd2afc2699f29bc178caaec8414baf0405987b5673b8d8e29c94bf962b08b36424ad08d0399b02b4319f5e7c5467e

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.ini

MD5 758591d297b16ee7b5127f2fe3e67a27
SHA1 d782a572579a9f52e31bef5377997c7f9be28790
SHA256 2c6224951714e685114b51c4e598c2bad8c7bc16975f7401ac51e101afcab837
SHA512 808f47903ee90c68939aca97ca06b1523bc5355d7de6c1b3ec14d0cd560b3bf77abe7c429964176711b91bf6a9bb2a1a9fe22206daa465ff2ec55e55ccc2eff3

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdec.ini

MD5 96d15c4f3db04429631866751a1d2890
SHA1 61066ffead2b6859e4d3fd497a78b05343ccf25e
SHA256 e8d31c1de790f738ef75daa0402584560a0672402d0d3ded0899d2dbc95fb911
SHA512 2e5c94e2d92eadd28f604ed1f04d6e2dc9d9a4ffb3c2270e9d19792ad41c0c536260616a17b433f4f2bc57b31b116ffa06eefb61955b98029f15593db4122189

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdec.dll

MD5 e2a0334684b05bf05a953b80a4832d20
SHA1 d29dec0042c65ac02c411e4caed37a5e1aa84d5b
SHA256 7dedb34158f800166567887c7a007a85eca0be379d20d51da3230f66c6b094c0
SHA512 0d486947d1c87ee632930afb49dae1061bee5b271e16a419c9e37a92c7083509de3e8980a73f8a9f2724421612f2cb9d33ea4156ab5c3afa34e4a98fed84ea92

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.dll

MD5 c86511990365ac18cfb527e41a6f7eac
SHA1 d5119c749ba9c4f4a91120381cae151ce8cb82ad
SHA256 eb247a43d0cfd0662559f1e3a2bb6656a6b7d465c8d404d5a3ea090daad78196
SHA512 d76df94f69421921a04f768b04120cef09db6e6f8d8a930033893766444029c0be9c86250e49e9ea11c6d804cd16f4676ab0be860486d22f4992a65deaf30df5

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\cs-CZ.txtui

MD5 acfe51999ce2e2361e5f13e9b4fed750
SHA1 82be366bea26ca1eef8c35ca2f26a9baab8551e8
SHA256 6db99180a45cb0116807a7d83702651468a1982596a0187d2fd8b9fb9e3623e8
SHA512 5494f6b520767372f67b3f98c2aa80b35a53c8f7167a80f2b9d9908045ff412e5348f9f69eccaabe14433c2ac5ae826dac4cf71d3681b8c120c763f34d62f07d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ko-KR.txtui

MD5 aa4f830df7541223c25856a2d28b2e17
SHA1 e0aa7bdb69b0096166998ac3684dbded63ceb872
SHA256 8b3d7909a22d6de96eff2c7880806aa2c60b69d304441d78f62976d023ebddd2
SHA512 29cafa55463461e0608fabf1e61638c73b78cfba563b608225d53ceb7898a24309a3e0ecd635ed4391e287cc096f3ea49fed7fb5ac38d291348348034ea33fe0

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\pt-BR.txtui

MD5 6aeff62b201b5177138456d25bace1c4
SHA1 49ad9fc51c2516062c8b7316a1d4cd37f610f9d7
SHA256 a35bb6141e50e60abaee7c5735c3e721eff4449b0afe25737ad13fab0a66f5eb
SHA512 d34e4fdbd456bb8687e7e722cd99353adc67e36a5005a86e3b1bc7255ce42b8967845310fec71f3405f6844b035c171996e844374c3ad47e035fdcfc622b5a5c

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ru-RU.txtui

MD5 4743451ffc9d429770d4a4e051558627
SHA1 f9df9f5695764ac6ce8790b4b589af790a4280cf
SHA256 0883c4138419e4a15fe4821be95ed408b13ddfc3ab245cee15c572ad9b4296ed
SHA512 4368dfa61e80fa9a358189da7aa74b4d9d5c9ce100a25011620c0988719a18cde4c3c34f946c939c5ba5a41be20b8bbc2227d31aab07a322d20424c2e3c460a5

C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe

MD5 af850a5433c3ff2e33bc4222e14800e2
SHA1 74baf15228a800287d13771882bb4eefab75010b
SHA256 e19399997dc084d27126835a42b2e478a37223a6b2f649fe88490112bb6318ce
SHA512 f3ddaa6de21bf615894f638a2ab49d60a914ce30682596f3a2c5b8337ece1657c649c527cd99ce2b7db1dd3522caa4ab43afb228e1657f6fa32eabe2188b3b25

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\ProductAgentDP.dll

MD5 0e170e693a13fcf60a3cd246a24e8822
SHA1 61829794e5d968c3c1c106953002c2851e1a992c
SHA256 6a5f84c751142ecf5bfca2bfcdd00f472fe03eda81125f4561fd7abe4e82ef86
SHA512 de97f1e6d1b1675dbced1c35f4916e74fbe7e28f049a3c6854a6ed1c74cd834a1a83e4642450f46f9a7da85ac70c4ebbcd42db55f3ef530c76cc76c714c4bd2a

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\unrar.dll

MD5 02976926dbd2950c19ce250688b210b4
SHA1 70edee2b167e2c4d21f0816d353d06a562aeea53
SHA256 03a9116627f80d4c1ae1c42d341ec5714b0b5c90f6d9defecc1213b5f885c437
SHA512 1d098c89b9849b77e67ea480a588ca4af72bd4301733704f5592311d9d897e195017cc34ab965420bd29aa9b771ab6428de036931e31156cab6d6d736c11c554

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\sciter.dll

MD5 258e030e1961923617df3d6ee6dc1e5c
SHA1 fea5a96214480383fa1aa5ff674ad3febd45aee3
SHA256 3eeebdf2a76db3ad7fe70fd72ff2badf495767f0e75d8fb2c3210fb8b541a2a6
SHA512 9269f481a52df490539f65cb71dbb5c582ee7d446c5b5af38146c210b2870bde6a12bfa9df0f3ea9376e14bacd3c5d3b9b42dfdd1904e9bff835c117d97a88c1

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\zh-TW.txtui

MD5 6d14e1148f4796cfa3348078dddf34a2
SHA1 7dd9e51bcafdb03d6f55ba87e721df090d6cd25a
SHA256 7cd71327d7bce991959986d56dcd0e1ac21914fa467b1e4c259ab3635436788e
SHA512 e2dde1930c5b2128a94a5311eab159b8a3012ad56f1e48de49e7f34e149c2c6ccca913906510419a92f33e9a7104d6b6d9d4a479ed4411e8948035b06f2d7825

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\vi-VN.txtui

MD5 5a92744a7684d91f58df4840c172cc7a
SHA1 e2a3e60b179b4d24d4c5621c204d1c94a0372ae0
SHA256 c0c93c0e92196ec057e62f46c0cf4f9e95fb9d70fed441f2c570c77f3e5ef982
SHA512 04e406bd9ce1f06d003692bb6f2e916fe67f939e8f25ca28e79cd298364ff595e583a476068c16cef51c9a294c3f0ff4dff4fd6aa8698ee32599d85f3cf44cfa

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\tr-TR.txtui

MD5 c672b9fc2c06a13858cd470bb86ab975
SHA1 ff79f99879bfdeee968872bf261ef71e6c693bb8
SHA256 e207a98a17715be9fbc394204fb1051e56395941c8dbc7c380974582c857ef6a
SHA512 bba717b06b564cba62e258f30dbe58e287f8bcb65befcbea8d91a76fb435f4c66946f460df6a88a8abe46465e9744c278119f9072b2285722d4ecee3c8f02a59

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\th-TH.txtui

MD5 c3a4a5cec283fc18f180d09c594c9de7
SHA1 1d8f2164bb6852eecb8e0edbd3463165ba349344
SHA256 65e8f499c6989ab449ad88bc9d5a1b42b5c8cdf3cea4e11e4cb9d9184ececd6b
SHA512 9234064a489fa1d17909d7aa3d619a4daff2894ba6167b0d9b48568818e03c55599c46c6f9c70765df8a4da0dbc40a4f03132eef973ee1e9886799e86be5a679

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\sv-SE.txtui

MD5 2242b3ed175f47c015fe9520d1226698
SHA1 baab2629196987f355743eb1ba76ddc93913617a
SHA256 aad84dd6a41125f046647e0ad66bd7a783f7eec9f14f2522601c5b36b739fba6
SHA512 dca52df895ca92efba0af47961b6f1acc57f9813fe4b3ae9f35285b664b56989e9421f218c08f35ced05063039e7b3e7d57bc84e850c08e7dfba3aee4b3e13e3

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ro-RO.txtui

MD5 981c60313dd23358f54b11ae8152c7ee
SHA1 231393e872bec01b7720d035a44168d0f8ee6589
SHA256 91b2199f6e647c9e856a52f8873e4e498c024a4fc93b9ad04fbc8ed331e6cd4a
SHA512 c0dc0f66c7a9958356b794eb3097e4866a3a2ca906aae96d27cecf263667e36edcfac111d3dbdf94849e58e648b2c64b9cb27d66861cdc60bca5fb6cb53df735

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\pt-PT.txtui

MD5 98b822769db8924bd6691452e869cd6b
SHA1 132987e08da247718cf36df8070f921d2e3bde59
SHA256 4ae43bada5e18aeaf311d5dddc3dc9711a4ad1a7091a88272a4b68d9fb063528
SHA512 5149efd86f82250ca5a1fe5a39c1143ec34466dd59358cc9a13924e072e2549bf541675cee44d2784cfd6c737263369929fbc24372fdbba91fd1141a8cfebe24

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\pl-PL.txtui

MD5 5658cacf2c22f48391c1828f6f159e68
SHA1 e647906f1fb69bc457eacc1e914edf6e1d71acc2
SHA256 9ac366095f3947e930695fc5936c3db350edcfc3d2a1bebac27fed60a3113120
SHA512 e08e735b0df8e4b4985fab3084d5be9d5abe6e8215c5a60002b9080112fec8ecf137246d5e0fb39a9e38af27a7a8ac9e5d0d5e927240f8973ce54da3420e1a6d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\nl-NL.txtui

MD5 5cc6bfd1f84adcbb9545f57514e2917e
SHA1 d7f94e0049904f5022b2501d3b3592838f74f3c8
SHA256 87f0694ad48968ca5f635af0b2176a1fa07bb0912e74878a525f5c0ac11e75f5
SHA512 b3c236062502b0279a9e337acaf20dca6607c2b0260547b44a0ff6a66a7a40cfa93556f085eafa84247f91f0ae2324d4e32aeb028c45a4865f195ced98a6672f

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ltr\resources.dll

MD5 72dc57d6b0b7a541bbc8f4bed42ba48a
SHA1 8f1269f8351cc6db6f624d5f4bbd2881ad65a15a
SHA256 075e253101ba416a8a3b572e08ca5c371a8cd27cf473be319e7cc88982523a00
SHA512 e198e144ec1043ca1206f65af5c2b46bc8ef4a957c51b89b3d5f74f72f7b1d4d7e2ba765e6e28cead62a4dfe5cce571961366e821504ebab687eea50b7c3c26d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ja-JP.txtui

MD5 2ac9c41e7be72ada13001c20a3022802
SHA1 10a7b72ec6ceccff31e2cee5248bbc03c542631f
SHA256 06ec42448bfdbf8d63766bbe8fd8294a2d899b72d017ed1472660d2e28b3721d
SHA512 0cb97c2231df29b4de7f9835d1ab0a3e41225a38b846668976b5968c50bae2ca2ca3997b1fd27426976135bd3ed1069fa288527513c4fb6cb24c502d22daf6a6

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\it-IT.txtui

MD5 a5014bcd27fb8bf46992454145fa82bf
SHA1 0b593e1631f8889bff3843d104eac2e471fc5239
SHA256 b6747c96bf9d2fd280ccbfe4c8f11502f293eb82f93499135cac5d8ef85750ff
SHA512 5f9136601e04715271f121258ae603a91bb63acb1a46e065e0a44a96aa61c5c09f8afa0cfb4ed88e77a3e4473ec2e5710af32561deb22c503bf76f59a4bb2c5c

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\el-GR.txtui

MD5 2ca070a7ed7d91b6baf38979d8e76cd2
SHA1 ea689a87c8fe6f111bcf7b346d93e4e9c1d95dd5
SHA256 798db29b0bf9fa369806ad5f9bd48d1b2f32c2792c143724d050771cd374b16c
SHA512 d7c7136d8a0eb96ee9eba56404bf17ad67860cdbddc4668f29c7a66444f8f19f348b5e21b9fa278da88a0bd4b7f91c2ec0d0b7dc287cecee72a63d5af8fe4268

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\de-DE.txtui

MD5 5eb63b027646873e5c3c0ffa1a6e3ec0
SHA1 68f8e83c8d97ed0460ecb9d70a1bf9f25cd7b859
SHA256 b26fad351307301bff6f8632f3612a90f00cf9e4bd5636abad7a9f84a788cf8e
SHA512 6182ad2d3657664e5d39fa8191468e0594b7a79c543e71e63414ce9cc5f6f95e25204375af3583596d774e6f3d0aa0c0ad915b3f806cf68a05f81fa9c1db951a

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\hu-HU.txtui

MD5 a23d96ca0e8babdd67e6768baa6c7158
SHA1 e879bf1a86f0b9d2fa92f0d2f57771bdb1164eb5
SHA256 b00d62241bad1f33fc6710468910c2a789e640f99be5361f5ca351893b133761
SHA512 eb6e90396374c9bd94c60a6ae69c8d1aba056ced80a9e65302cb60075b92041608668c54f27d186ad1b21d66eb65844f43282e6439801350414296546a8f6c0d

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\fr-FR.txtui

MD5 7b9baeef229a87c12b73f29e8b598db6
SHA1 dd2a247054248d2466885f63e821e2cc01c0f6f9
SHA256 7168899eab467f9da09a0ca8090ae2ebcc98798ce943438afbbf4d4ef947c9c5
SHA512 b6a7e398855c16c7d39ad00bd93422fbc8af18316cf107d94967a2295ddba22dbf3e0905fbd7f328d4345f4e9e0a6c0d3c5b84ddfa91660499bd2539be7a12e6

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\es-ES.txtui

MD5 79303484d4afa7e4f89286ca3fd4841f
SHA1 9eff33b428a6e8d9f98631932815a98b248bb78e
SHA256 ed7a5d941e172e91f8f2648dcc7927c3fc6fa4bb8c51723ed880573a404b5789
SHA512 2d5e51fc37dcda52bde4a5f360a97714faa4acf25903bbf0f71646c36e73566ffbf02a74ec63208e88df22343d4090d5d0fa49250b3b6c918de165355dfaa454

C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\en-US.txtui

MD5 a3caadd2145dca3c6ba88ee5db14f53c
SHA1 1d6ca8db89092655be13dcbdd71abca63cbe6d76
SHA256 65e22f722245db258c88750c1a5e3ff31d1ea0831ad0a3e6489885e7c3d6ad6d
SHA512 e4c1b1d4b77e9eef9ec3821e59324e839baece4f759fabbad2bd4f270acb858b2c0a14b2ae28e56aa1212ff75ca07cc100ccd70c24d58ed49a1d392ec4a3c78b

C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\data\params.json

MD5 18e8266414333217c3ee3890f08f2b0e
SHA1 522f2dd954cfc578eab7ab130767a106eefeeb08
SHA256 ef8c5889b95e2aa2f1369598d8b0c65ccf7b04579821983a6286d686b2c84dd6
SHA512 5ed43c1fc64c67d41403b2b3c0bce64aa68415ff0583a354a9802af56e4a16a1761b3f73afc51539c132aec7247d1ce932430411c939b0756510b4905bded0b8

C:\Program Files\Bitdefender Agent\27.0.1.266\settings\LoggerConfig.xml

C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentService.exe

C:\Program Files\Bitdefender Agent\ProductAgentUI.exe

C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.json

C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.dll

C:\Program Files\Bitdefender Agent\27.0.1.266\bdreinit.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

C:\Users\Admin\AppData\Local\Temp\9beb6566-41bb-44d3-866e-a4e70712bc21.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\Unconfirmed 37852.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a2e1b06a-5c52-4f37-a6be-dead2012a786.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

C:\Windows\Temp\bd_79F4.tmp\loo79F5.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\27578007-112c-4c47-aede-c248be905d30.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
