Analysis Overview
Threat Level: Known bad
The file http://web.archive.org was found to be: Known bad.
Malicious Activity Summary
Darkcomet
Sets file to hidden
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Views/modifies file attributes
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-15 12:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-15 12:21
Reported
2024-04-15 12:51
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
641s
Command Line
Signatures
Darkcomet
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\vi-VN\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\failed.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon_warning_slow_connection.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\network-error.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\ui\ltr | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\bdnc.ini | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\it-IT | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\b-icon.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\load_big.png | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\settings\LoggerConfig.xml | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-win.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icon-warn.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\bdch_bdec.ini | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\tr-TR | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-gg.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\check-large.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pt-BR\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ro-RO\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\bitdefender-logo.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\log.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\load-medium.png | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\icon-safe.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266 | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\es-ES\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\settings\UPNPDescr.xml | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\html\Agent\login2_loading.html | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\bitdefender-logo.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-warning.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\icon_informative.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\es-ES\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\field-error.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\load-medium.png | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\bitdefender_logo.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\fr-FR | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\slider.png | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\bdui_progress_fgr.png | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\sv-SE | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgent.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\html\Agent\login2_error.html | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\close_hover.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\loader.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\icon_quest.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\icon-warn.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\iservconfig.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\en-US\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ru-RU\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\btn-close.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\b-icon-popup.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\feedback_hover.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\critical_fixups32.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\cs-CZ\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pt-PT\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\logo-shadow.png | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\open.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\lang\it-IT\productagentui.txtui | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentDP.dll | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File created | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\logo-w.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\down-arrow.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\x64\FixSfp64.exe | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
| File opened for modification | C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-warning.svg | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\notepad.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\notepad.exe |
| N/A | N/A | N/A | |
| N/A | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{AA7F2615-47BD-42A7-A0A4-17EDAB39076C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.archive.org
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3640 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4144 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5332 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5512 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4332 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\9458133a422e416f9f9c4bee2adae15a /t 2308 /p 3012
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4732 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5692 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4984 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6140 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5096 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5824 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6124 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6296 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6104 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6112 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6648 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6676 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6816 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6380 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7012 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=5564 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=5464 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=6364 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7028 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=7436 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=7392 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=7024 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=7380 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=7524 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7904 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=7864 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7320 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=8144 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8448 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8592 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\agent_launcher.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\bddeploy.exe"
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe"
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\Downloads\bitdefender_tsecurity.exe
"C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\setuppackage.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX3\agent_launcher.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX4\agent_launcher.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\installer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX4\bddeploy.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX3\bddeploy.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\setuppackage.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\installer.exe"
C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX4\packages\installer.exe"
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect
C:\Program Files\Bitdefender Agent\redline\bdredline.exe
"C:\Program Files\Bitdefender Agent\redline\bdredline.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\Admin\Downloads\bitdefender_tsecurity.exe"
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"
C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ffadb592e98,0x7ffadb592ea4,0x7ffadb592eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2232 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2652 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2672 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4552 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4756 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"ProductAgentService.exe" login_silent
C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe
"C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4888 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5004 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5296 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5492 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5868 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5392 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6196 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4628 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6464 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6508 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4560 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6760 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5312 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2120 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6920 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6024 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3712 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6560 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6308 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6448 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7304 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7352 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7392 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8028 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6028 --field-trial-handle=1800,i,10757347682025003650,16466505508343733978,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\Downloads\Blackkomet.exe
"C:\Users\Admin\Downloads\Blackkomet.exe"
C:\Users\Admin\Downloads\Blackkomet.exe
"C:\Users\Admin\Downloads\Blackkomet.exe"
C:\Users\Admin\Downloads\Blackkomet.exe
"C:\Users\Admin\Downloads\Blackkomet.exe"
C:\Users\Admin\Downloads\Blackkomet.exe
"C:\Users\Admin\Downloads\Blackkomet.exe"
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads\Blackkomet.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Users\Admin\Downloads" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe
"C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe" install
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8592 -ip 8592
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 356
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2e0,0x7ffadb592e98,0x7ffadb592ea4,0x7ffadb592eb0
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3060 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3188 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3312 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4320 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4644 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4920 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4996 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4920 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4320 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5432 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5896 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4596 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5404 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5300 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5892 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6300 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5480 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5480 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6676 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6936 --field-trial-handle=3100,i,9534777875136678051,11654734260626562469,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 13724 -ip 13724
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13724 -s 416
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\Windupdt\winupdate.exe
"C:\Windows\system32\Windupdt\winupdate.exe"
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
notepad
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt\winupdate.exe" +s +h
C:\Windows\SysWOW64\attrib.exe
attrib "C:\Windows\SysWOW64\Windupdt" +s +h
C:\Windows\SysWOW64\notepad.exe
notepad
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 207.241.237.3:80 | web.archive.org | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 207.241.237.3:80 | web.archive.org | tcp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 8.8.8.8:53 | web.archive.org | udp |
| US | 207.241.237.3:443 | web.archive.org | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 3.237.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 72.246.173.187:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 23.73.139.50:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 8.8.8.8:53 | web-static.archive.org | udp |
| US | 8.8.8.8:53 | web-static.archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.237.2:443 | web-static.archive.org | tcp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.173.246.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 2.224.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.237.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.239.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.244.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 195.225.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.20:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.185:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.185:443 | th.bing.com | tcp |
| NL | 23.62.61.185:443 | th.bing.com | tcp |
| NL | 23.62.61.179:443 | th.bing.com | tcp |
| NL | 23.62.61.179:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 179.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.179:443 | th.bing.com | udp |
| NL | 23.62.61.179:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 8.8.8.8:53 | 156.21.183.68.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 68.183.21.156:443 | www.antivirussoftwareguide.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 8.8.8.8:53 | www.antivirussoftwareguide.com | udp |
| US | 8.8.8.8:53 | url.totalav.com | udp |
| US | 8.8.8.8:53 | url.totalav.com | udp |
| US | 8.8.8.8:53 | url.totalav.com | udp |
| US | 8.8.8.8:53 | url.totalav.com | udp |
| US | 35.224.74.90:443 | url.totalav.com | tcp |
| US | 8.8.8.8:53 | www.totalav.com | udp |
| US | 8.8.8.8:53 | www.totalav.com | udp |
| US | 8.8.8.8:53 | www.totalav.com | udp |
| US | 34.111.47.92:443 | www.totalav.com | tcp |
| US | 34.111.47.92:443 | www.totalav.com | udp |
| US | 8.8.8.8:53 | 90.74.224.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | 92.47.111.34.in-addr.arpa | udp |
| NL | 108.156.60.107:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | 107.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | www.totalav.com | udp |
| NL | 108.156.60.21:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | 21.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.244.122.92.in-addr.arpa | udp |
| NL | 23.62.61.106:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.179:443 | www.bing.com | tcp |
| NL | 23.62.61.185:443 | th.bing.com | tcp |
| NL | 23.62.61.179:443 | www.bing.com | udp |
| NL | 23.62.61.185:443 | th.bing.com | udp |
| NL | 23.62.61.179:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.g.bing.com | udp |
| US | 8.8.8.8:53 | r.g.bing.com | udp |
| IE | 68.219.88.225:443 | r.g.bing.com | tcp |
| US | 8.8.8.8:53 | www.bitdefender.co.uk | udp |
| US | 8.8.8.8:53 | www.bitdefender.co.uk | udp |
| US | 8.8.8.8:53 | www.bitdefender.co.uk | udp |
| US | 104.18.38.16:443 | www.bitdefender.co.uk | tcp |
| US | 104.18.38.16:443 | www.bitdefender.co.uk | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 102.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.bitdefender.com | udp |
| US | 8.8.8.8:53 | download.bitdefender.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 23.53.113.19:443 | assets.adobedtm.com | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.220.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| IE | 54.170.203.21:443 | dpm.demdex.net | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| NL | 13.227.219.127:443 | api.company-target.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | sstats.bitdefender.com | udp |
| US | 8.8.8.8:53 | sstats.bitdefender.com | udp |
| IE | 66.235.152.156:443 | sstats.bitdefender.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 19.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.203.170.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cookies-data.onetrust.io | udp |
| US | 8.8.8.8:53 | cookies-data.onetrust.io | udp |
| US | 172.64.155.63:443 | cookies-data.onetrust.io | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | starget.bitdefender.com | udp |
| US | 8.8.8.8:53 | starget.bitdefender.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | www.bitdefender.co.uk | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| IE | 66.235.152.221:443 | starget.bitdefender.com | tcp |
| IE | 176.34.167.98:443 | bitdefender.demdex.net | tcp |
| IE | 176.34.167.98:443 | bitdefender.demdex.net | tcp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| US | 8.8.8.8:53 | assets.adobetarget.com | udp |
| US | 8.8.8.8:53 | assets.adobetarget.com | udp |
| IE | 52.19.209.129:443 | cm.everesttech.net | tcp |
| BE | 104.68.65.175:443 | assets.adobetarget.com | tcp |
| US | 8.8.8.8:53 | 63.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.167.34.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.65.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.209.19.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | 181.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 104.18.33.89:443 | www2.bing.com | udp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 23.53.113.19:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| IE | 34.247.72.3:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | sstats.bitdefender.com | udp |
| US | 8.8.8.8:53 | sstats.bitdefender.com | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | 3.72.247.34.in-addr.arpa | udp |
| IE | 66.235.152.221:443 | sstats.bitdefender.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | starget.bitdefender.com | udp |
| US | 8.8.8.8:53 | starget.bitdefender.com | udp |
| IE | 66.235.152.225:443 | starget.bitdefender.com | tcp |
| IE | 66.235.152.225:443 | starget.bitdefender.com | tcp |
| US | 8.8.8.8:53 | cookies-data.onetrust.io | udp |
| US | 8.8.8.8:53 | cookies-data.onetrust.io | udp |
| US | 104.18.32.193:443 | cookies-data.onetrust.io | tcp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| US | 8.8.8.8:53 | bitdefender.demdex.net | udp |
| IE | 52.49.110.165:443 | bitdefender.demdex.net | tcp |
| IE | 52.49.110.165:443 | bitdefender.demdex.net | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| IE | 52.17.26.1:443 | cm.everesttech.net | tcp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | tcp |
| GB | 142.250.178.14:443 | analytics.google.com | tcp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.110.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.166.233.64.in-addr.arpa | udp |
| US | 104.18.40.87:443 | www.bitdefender.com | tcp |
| US | 8.8.8.8:53 | 193.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.adobetarget.com | udp |
| US | 8.8.8.8:53 | assets.adobetarget.com | udp |
| BE | 104.68.65.175:443 | assets.adobetarget.com | tcp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 172.64.155.119:443 | privacyportal-de.onetrust.com | tcp |
| US | 8.8.8.8:53 | download.bitdefender.com | udp |
| US | 8.8.8.8:53 | download.bitdefender.com | udp |
| US | 8.8.8.8:53 | download.bitdefender.com | udp |
| US | 8.8.8.8:53 | www.bitdefender.com | udp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 20.162.145.158:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 158.145.162.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.10:443 | aefd.nelreports.net | tcp |
| US | 2.17.251.10:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 10.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.169.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | upgrade.bitdefender.com | udp |
| US | 104.18.168.222:80 | upgrade.bitdefender.com | tcp |
| US | 8.8.8.8:53 | 222.168.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nimbus.bitdefender.net | udp |
| US | 34.120.67.236:443 | nimbus.bitdefender.net | tcp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 34.120.68.241:443 | eu.nimbus.bitdefender.net | tcp |
| US | 35.190.56.82:443 | elb-iow-gcp.nimbus.bitdefender.net | tcp |
| US | 8.8.8.8:53 | 236.67.120.34.in-addr.arpa | udp |
| US | 34.120.68.241:443 | eu.nimbus.bitdefender.net | tcp |
| US | 35.190.56.82:443 | elb-iow-gcp.nimbus.bitdefender.net | tcp |
| US | 34.120.68.241:443 | eu.nimbus.bitdefender.net | tcp |
| US | 35.190.56.82:443 | elb-iow-gcp.nimbus.bitdefender.net | tcp |
| US | 8.8.8.8:53 | 227.211.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.68.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.56.190.35.in-addr.arpa | udp |
| NL | 23.62.61.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal-de.onetrust.com | tcp |
| US | 216.239.32.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 104.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | nimbus.bitdefender.net | udp |
| US | 34.120.67.236:443 | nimbus.bitdefender.net | tcp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 34.120.68.241:443 | eu.nimbus.bitdefender.net | tcp |
| US | 35.190.56.82:443 | elb-iow-gcp.nimbus.bitdefender.net | tcp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 34.120.68.241:443 | eu.nimbus.bitdefender.net | tcp |
| US | 35.190.56.82:443 | elb-iow-gcp.nimbus.bitdefender.net | tcp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 34.120.68.241:443 | eu.nimbus.bitdefender.net | tcp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 34.149.211.227:443 | mclb-gcp.nimbus.bitdefender.net | tcp |
| US | 8.8.8.8:53 | download.bitdefender.com | udp |
| US | 192.229.220.142:443 | download.bitdefender.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 23.73.139.50:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| NL | 23.62.61.59:443 | www.bing.com | udp |
| NL | 23.62.61.59:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 59.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.123:443 | r.bing.com | udp |
| NL | 23.62.61.123:443 | r.bing.com | udp |
| NL | 23.62.61.106:443 | th.bing.com | udp |
| NL | 23.62.61.106:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | 123.61.62.23.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 8.8.8.8:53 | sploit-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | sploit-edge.smartscreen.microsoft.com | udp |
| GB | 20.58.112.186:443 | sploit-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | telem-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 20.58.112.186:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | udp |
| US | 2.17.251.5:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | 5.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 104.109.143.23:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 23.143.109.104.in-addr.arpa | udp |
| NL | 23.62.61.138:443 | www.bing.com | udp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 138.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.193:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 23.62.61.114:443 | r.bing.com | udp |
| NL | 23.62.61.114:443 | r.bing.com | udp |
| NL | 23.62.61.193:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 193.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| NL | 23.62.61.162:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 162.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | dl-edge.smartscreen.microsoft.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
| MD5 | 3e68d3affb1d07b291b402b1f8733b52 |
| SHA1 | c5d817e20dcd38ef8e8902c05d8a13777b88bc03 |
| SHA256 | cca66104abc7b29b365f2f5f55579348f0b5645deafbd962fc802d18c520e676 |
| SHA512 | d80225bb9b61ae98d662ff3e95775e3bc3900d3820c669956a090ed076154be6a261b327cb872742aeb1d87dcc4b4fe16147b4b26394397b6bb86f3c446fccb6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
| MD5 | 3a1261cc0bee2591e29842495e3f6aeb |
| SHA1 | 13187dcb0b83a6ed856317e5bee716940e811724 |
| SHA256 | 66436a1a34bb16464111ac1042189d99de00390235c4109ba04e3f3a2d83d467 |
| SHA512 | bed901f1345725c6d627021b44451d28fc967838bf7f74388f649f4e52e67e7724ff7807da754d4a54f0da4bd40c33ba6272dd76d130c302c2706f44f58fb77d |
C:\Users\Admin\AppData\Local\Temp\RarSFX1\deploy.dll
| MD5 | f945c147a9fc387841cad1dfbf4e8d5d |
| SHA1 | c80176950df2d75d3808b068a59515b675b751b5 |
| SHA256 | 270624099bef280a7b918870d5f91b96e2343b7e99248d63f71060c85848fc5f |
| SHA512 | 5bb2287409fd9f234bd14c0326817143ffd9cd0a81b08bffa5d51c67e742f2fd1eaf3e4cabb44f70f57fdcdac4e0b7a6ed08438b4a09d74f857263ac9fc6b942 |
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\agentpackage.exe
| MD5 | f985bc11f5c253376832368d716887df |
| SHA1 | 9928845daece19eec3574663a5002b1f1ad2f1ff |
| SHA256 | 7834c16dedb88808908230d77f8ccf9bc33d91e423c73fb433791b4a91ab1fec |
| SHA512 | ec5cad6935161ede888c242fd123cfd88e25485cd9f924df2688e646b70a7c55180768583dfcd6d3cb467ca9736685088ac19856dab8026ecba02d5388f4c3d9 |
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe.md5
| MD5 | d0ff045223f7a464b8e99045311adbcf |
| SHA1 | 4a54d4dcc976fba5f621b0fb228f2a1b3d78e5fe |
| SHA256 | 456d61d9bccba69af0073dd2f83ea3d85189570e8d5f4a61da417e985e397353 |
| SHA512 | 579f055753e634e5ea66c844689ea9a5d993f495cb6b70e1fa3aad9a1edfdcf615f8a21c9f635a1224cab1edefbec485dcbc2745135c67b74081e398fe023b69 |
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\agentpackage.exe.md5
| MD5 | bbf5d2f19ba3939692408b5a55b082d5 |
| SHA1 | 60da06b28920b0ef1f668fdeeb82e908c757e54a |
| SHA256 | 318a1ed380d09ad14c444d398a37e82d610451f089c6e9d4fa8aa7fa72205471 |
| SHA512 | d3154dd9168fd19016ed40711455adbcc03d1276a42399fe7daf4ece0ab9914fcfe22b9a6c558d49ac74f348d109c715263b4459ef15b71673fc4714543c0c37 |
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\setuppackage.exe
| MD5 | 9d7304940c94412bf8b673d3eac550a9 |
| SHA1 | f8ee2b630e10ea85219b5468a026e4f9fba1e6b1 |
| SHA256 | 962deac26d2afa9ddf08795353a743b2799bfb7d05974737b0a9f7314ab546b1 |
| SHA512 | adcc520c2903c1b3afd496072a9fe80da7a309959c2a9f7538aabe69ead651076bd4b575d2af86991830aaa61ace25dc31e1141ece4fc31ec7f9e7dcebb8efb2 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\deploy.dll.md5
| MD5 | bfe1320798a188eeaec082af4acf9fd7 |
| SHA1 | 21805830b677338ea49d82bb435d8067ca51a31c |
| SHA256 | cfabb03e491637c2fec910db0194dbd3e7e3123affee2375629268634d3503d2 |
| SHA512 | dd1b64fecc103ed290cbdb7254872860cdafbb67b975eea88c094e686313572afbdd13fbab5a7d7b5ee23654c4fddab080af4be9b369771e9b0d8888d283d531 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\bddeploy.exe.md5
| MD5 | adf45d21ee156877a30f4680b6a742fa |
| SHA1 | a7b9b151e087041f6bba5a8539ed26d4c5b6a373 |
| SHA256 | f22a08394a54e58276d9ad87de2b0ad691c70774771b0e5876e5f8854bb3d594 |
| SHA512 | 516bb29019971a72b995c53cbcf65eeaf5dd233568252cf0a287048500eaf113944f6d9c2ebf39490d30df7a8f776b0bba07807d3d4f385b8c75b52e5663fb7b |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\agent_launcher.exe.md5
| MD5 | 46300d15f2888e56873e3635a808bf3b |
| SHA1 | 25c3a21bba8c2222561a4f29d19490ffd908a159 |
| SHA256 | a920f077ba2a9715802a3a8d83ffecd7fa1f8025a4459bb8db1a739e2f712fbc |
| SHA512 | a98ba740817a6d9613062b870c86e616194911ccc653da55dfcef5d5e2a384dc0edde197b3ad50ab7bf8cf3f88dd23ee3187f94cf63ca86a8f441733ae214a92 |
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe
| MD5 | 78f76b6be4fad6675e1143183d15ab3b |
| SHA1 | 665f96cf8e99cf5ff5cd17c37c3c849cbc02c708 |
| SHA256 | 50930b96f2c678175df548597dcfd4e386ff62c6510b80a5ecf84888818b73a6 |
| SHA512 | 75d1046705ebeba4c3873e91b7217dc59b3cec8f97f59f5deff1bcb6007d5e335f842dcb46a090ff06b3a38c6189bac5381a2ea8122640aea5d50804a6cfdfff |
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\setuppackage.exe
| MD5 | 2fc7df1d2f814c097bfa3027e7293da1 |
| SHA1 | 77718fbd1060b9759266914969829c1b9dc3f257 |
| SHA256 | 1fa49e02ca28b73521e03d647af22080c1818fcd54b87952cdc48bacd367a4e9 |
| SHA512 | 1cc3e99d13debf9603f7761a8fc5e3d764e94a14d27ec454f02572618c24403f409ab1e8b61169dd43f7aa680007988297a2d5ce25af29ab786b1fc5b06e8380 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\additional.dll
| MD5 | cd10f317d54a8ba35e5ce85ba3b60220 |
| SHA1 | f1c33ddb09b0b30fb99917d2d9b8b0346fc20373 |
| SHA256 | ee05132599596b99f595b0ecf7783e7e119d5d03519b12fe9f3dbf5deef6fab4 |
| SHA512 | e9e56ce0b9a61283c18acaedbe22cf068a3b078e0836e3c0c2ed75d1a3e9199d834bf107321418c587cd235570b2ff48f0f04763d1ade475fb1a97255b2c479f |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.client_id
| MD5 | f4c2784aa289f17d144a589751c7980d |
| SHA1 | b414dd690863acf3614c25c911697f1b16c24c62 |
| SHA256 | e6e827f81840ce8975cd5e30467ddc1661c3f407cd9d342d00800f32c01dcc26 |
| SHA512 | 3f3f8f8ae91d679745189722c88d97d19e8728ce3289deda2e89a79061ad06d0a627a9783a9ef2a833f6a7843d882bebdae77d178f3d810b581093b299f2b70e |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdredline.bdch.json
| MD5 | 3266bd308834ee8d251433b44ee0a48d |
| SHA1 | c271fbb539824ff577752d2f82b1b498a9ac91b7 |
| SHA256 | a773cf585925921309cc117e59ee87c56ae7e9f7e7532b4fb153e4ac72dac76e |
| SHA512 | edcba4498e553b4e6d9eb28b7c29e880b04ab531435c50685d638769ac5ae74c6e3de8c02ecdcb385d05f347b27f2e1e6bab72ff45a16642013b28b44fe85321 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.ini.md5
| MD5 | 3a0a7d7823833be6e8af5ab1af295139 |
| SHA1 | 1895dea63fb05e7e6f90e052936de086874c4c75 |
| SHA256 | a5f15ba3b16384b584780f2bbb0ef3e7fd49ccabd0b9ca10437882f65f49c7f2 |
| SHA512 | 0d1377acaf8c5062e4ed7b3ad3fe0fbae594b6ce234aa9339471a31c63d6ea768c6cb2ca24820fc7726282c7fbbd41da29242cd3c288d7a0e8cc6b7e49c9835d |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdredline.exe
| MD5 | bb8bdc561394c4ecfd2158d228da62b5 |
| SHA1 | 34b46f4978ce08acf9c2218c22e8f2bf0d24a745 |
| SHA256 | ae283b45d858cb916f27b724db05049aceb424e049cd8c8a9b145547299f03c6 |
| SHA512 | 8d02b3957c3efa279dccbd7aa521c372b03fd2afc2699f29bc178caaec8414baf0405987b5673b8d8e29c94bf962b08b36424ad08d0399b02b4319f5e7c5467e |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.ini
| MD5 | 758591d297b16ee7b5127f2fe3e67a27 |
| SHA1 | d782a572579a9f52e31bef5377997c7f9be28790 |
| SHA256 | 2c6224951714e685114b51c4e598c2bad8c7bc16975f7401ac51e101afcab837 |
| SHA512 | 808f47903ee90c68939aca97ca06b1523bc5355d7de6c1b3ec14d0cd560b3bf77abe7c429964176711b91bf6a9bb2a1a9fe22206daa465ff2ec55e55ccc2eff3 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdec.ini
| MD5 | 96d15c4f3db04429631866751a1d2890 |
| SHA1 | 61066ffead2b6859e4d3fd497a78b05343ccf25e |
| SHA256 | e8d31c1de790f738ef75daa0402584560a0672402d0d3ded0899d2dbc95fb911 |
| SHA512 | 2e5c94e2d92eadd28f604ed1f04d6e2dc9d9a4ffb3c2270e9d19792ad41c0c536260616a17b433f4f2bc57b31b116ffa06eefb61955b98029f15593db4122189 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdec.dll
| MD5 | e2a0334684b05bf05a953b80a4832d20 |
| SHA1 | d29dec0042c65ac02c411e4caed37a5e1aa84d5b |
| SHA256 | 7dedb34158f800166567887c7a007a85eca0be379d20d51da3230f66c6b094c0 |
| SHA512 | 0d486947d1c87ee632930afb49dae1061bee5b271e16a419c9e37a92c7083509de3e8980a73f8a9f2724421612f2cb9d33ea4156ab5c3afa34e4a98fed84ea92 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\bdnc.dll
| MD5 | c86511990365ac18cfb527e41a6f7eac |
| SHA1 | d5119c749ba9c4f4a91120381cae151ce8cb82ad |
| SHA256 | eb247a43d0cfd0662559f1e3a2bb6656a6b7d465c8d404d5a3ea090daad78196 |
| SHA512 | d76df94f69421921a04f768b04120cef09db6e6f8d8a930033893766444029c0be9c86250e49e9ea11c6d804cd16f4676ab0be860486d22f4992a65deaf30df5 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\cs-CZ.txtui
| MD5 | acfe51999ce2e2361e5f13e9b4fed750 |
| SHA1 | 82be366bea26ca1eef8c35ca2f26a9baab8551e8 |
| SHA256 | 6db99180a45cb0116807a7d83702651468a1982596a0187d2fd8b9fb9e3623e8 |
| SHA512 | 5494f6b520767372f67b3f98c2aa80b35a53c8f7167a80f2b9d9908045ff412e5348f9f69eccaabe14433c2ac5ae826dac4cf71d3681b8c120c763f34d62f07d |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ko-KR.txtui
| MD5 | aa4f830df7541223c25856a2d28b2e17 |
| SHA1 | e0aa7bdb69b0096166998ac3684dbded63ceb872 |
| SHA256 | 8b3d7909a22d6de96eff2c7880806aa2c60b69d304441d78f62976d023ebddd2 |
| SHA512 | 29cafa55463461e0608fabf1e61638c73b78cfba563b608225d53ceb7898a24309a3e0ecd635ed4391e287cc096f3ea49fed7fb5ac38d291348348034ea33fe0 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\pt-BR.txtui
| MD5 | 6aeff62b201b5177138456d25bace1c4 |
| SHA1 | 49ad9fc51c2516062c8b7316a1d4cd37f610f9d7 |
| SHA256 | a35bb6141e50e60abaee7c5735c3e721eff4449b0afe25737ad13fab0a66f5eb |
| SHA512 | d34e4fdbd456bb8687e7e722cd99353adc67e36a5005a86e3b1bc7255ce42b8967845310fec71f3405f6844b035c171996e844374c3ad47e035fdcfc622b5a5c |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ru-RU.txtui
| MD5 | 4743451ffc9d429770d4a4e051558627 |
| SHA1 | f9df9f5695764ac6ce8790b4b589af790a4280cf |
| SHA256 | 0883c4138419e4a15fe4821be95ed408b13ddfc3ab245cee15c572ad9b4296ed |
| SHA512 | 4368dfa61e80fa9a358189da7aa74b4d9d5c9ce100a25011620c0988719a18cde4c3c34f946c939c5ba5a41be20b8bbc2227d31aab07a322d20424c2e3c460a5 |
C:\Users\Admin\AppData\Local\Temp\RarSFX1\packages\installer.exe
| MD5 | af850a5433c3ff2e33bc4222e14800e2 |
| SHA1 | 74baf15228a800287d13771882bb4eefab75010b |
| SHA256 | e19399997dc084d27126835a42b2e478a37223a6b2f649fe88490112bb6318ce |
| SHA512 | f3ddaa6de21bf615894f638a2ab49d60a914ce30682596f3a2c5b8337ece1657c649c527cd99ce2b7db1dd3522caa4ab43afb228e1657f6fa32eabe2188b3b25 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\ProductAgentDP.dll
| MD5 | 0e170e693a13fcf60a3cd246a24e8822 |
| SHA1 | 61829794e5d968c3c1c106953002c2851e1a992c |
| SHA256 | 6a5f84c751142ecf5bfca2bfcdd00f472fe03eda81125f4561fd7abe4e82ef86 |
| SHA512 | de97f1e6d1b1675dbced1c35f4916e74fbe7e28f049a3c6854a6ed1c74cd834a1a83e4642450f46f9a7da85ac70c4ebbcd42db55f3ef530c76cc76c714c4bd2a |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\unrar.dll
| MD5 | 02976926dbd2950c19ce250688b210b4 |
| SHA1 | 70edee2b167e2c4d21f0816d353d06a562aeea53 |
| SHA256 | 03a9116627f80d4c1ae1c42d341ec5714b0b5c90f6d9defecc1213b5f885c437 |
| SHA512 | 1d098c89b9849b77e67ea480a588ca4af72bd4301733704f5592311d9d897e195017cc34ab965420bd29aa9b771ab6428de036931e31156cab6d6d736c11c554 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\sciter.dll
| MD5 | 258e030e1961923617df3d6ee6dc1e5c |
| SHA1 | fea5a96214480383fa1aa5ff674ad3febd45aee3 |
| SHA256 | 3eeebdf2a76db3ad7fe70fd72ff2badf495767f0e75d8fb2c3210fb8b541a2a6 |
| SHA512 | 9269f481a52df490539f65cb71dbb5c582ee7d446c5b5af38146c210b2870bde6a12bfa9df0f3ea9376e14bacd3c5d3b9b42dfdd1904e9bff835c117d97a88c1 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\zh-TW.txtui
| MD5 | 6d14e1148f4796cfa3348078dddf34a2 |
| SHA1 | 7dd9e51bcafdb03d6f55ba87e721df090d6cd25a |
| SHA256 | 7cd71327d7bce991959986d56dcd0e1ac21914fa467b1e4c259ab3635436788e |
| SHA512 | e2dde1930c5b2128a94a5311eab159b8a3012ad56f1e48de49e7f34e149c2c6ccca913906510419a92f33e9a7104d6b6d9d4a479ed4411e8948035b06f2d7825 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\vi-VN.txtui
| MD5 | 5a92744a7684d91f58df4840c172cc7a |
| SHA1 | e2a3e60b179b4d24d4c5621c204d1c94a0372ae0 |
| SHA256 | c0c93c0e92196ec057e62f46c0cf4f9e95fb9d70fed441f2c570c77f3e5ef982 |
| SHA512 | 04e406bd9ce1f06d003692bb6f2e916fe67f939e8f25ca28e79cd298364ff595e583a476068c16cef51c9a294c3f0ff4dff4fd6aa8698ee32599d85f3cf44cfa |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\tr-TR.txtui
| MD5 | c672b9fc2c06a13858cd470bb86ab975 |
| SHA1 | ff79f99879bfdeee968872bf261ef71e6c693bb8 |
| SHA256 | e207a98a17715be9fbc394204fb1051e56395941c8dbc7c380974582c857ef6a |
| SHA512 | bba717b06b564cba62e258f30dbe58e287f8bcb65befcbea8d91a76fb435f4c66946f460df6a88a8abe46465e9744c278119f9072b2285722d4ecee3c8f02a59 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\th-TH.txtui
| MD5 | c3a4a5cec283fc18f180d09c594c9de7 |
| SHA1 | 1d8f2164bb6852eecb8e0edbd3463165ba349344 |
| SHA256 | 65e8f499c6989ab449ad88bc9d5a1b42b5c8cdf3cea4e11e4cb9d9184ececd6b |
| SHA512 | 9234064a489fa1d17909d7aa3d619a4daff2894ba6167b0d9b48568818e03c55599c46c6f9c70765df8a4da0dbc40a4f03132eef973ee1e9886799e86be5a679 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\sv-SE.txtui
| MD5 | 2242b3ed175f47c015fe9520d1226698 |
| SHA1 | baab2629196987f355743eb1ba76ddc93913617a |
| SHA256 | aad84dd6a41125f046647e0ad66bd7a783f7eec9f14f2522601c5b36b739fba6 |
| SHA512 | dca52df895ca92efba0af47961b6f1acc57f9813fe4b3ae9f35285b664b56989e9421f218c08f35ced05063039e7b3e7d57bc84e850c08e7dfba3aee4b3e13e3 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ro-RO.txtui
| MD5 | 981c60313dd23358f54b11ae8152c7ee |
| SHA1 | 231393e872bec01b7720d035a44168d0f8ee6589 |
| SHA256 | 91b2199f6e647c9e856a52f8873e4e498c024a4fc93b9ad04fbc8ed331e6cd4a |
| SHA512 | c0dc0f66c7a9958356b794eb3097e4866a3a2ca906aae96d27cecf263667e36edcfac111d3dbdf94849e58e648b2c64b9cb27d66861cdc60bca5fb6cb53df735 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\pt-PT.txtui
| MD5 | 98b822769db8924bd6691452e869cd6b |
| SHA1 | 132987e08da247718cf36df8070f921d2e3bde59 |
| SHA256 | 4ae43bada5e18aeaf311d5dddc3dc9711a4ad1a7091a88272a4b68d9fb063528 |
| SHA512 | 5149efd86f82250ca5a1fe5a39c1143ec34466dd59358cc9a13924e072e2549bf541675cee44d2784cfd6c737263369929fbc24372fdbba91fd1141a8cfebe24 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\pl-PL.txtui
| MD5 | 5658cacf2c22f48391c1828f6f159e68 |
| SHA1 | e647906f1fb69bc457eacc1e914edf6e1d71acc2 |
| SHA256 | 9ac366095f3947e930695fc5936c3db350edcfc3d2a1bebac27fed60a3113120 |
| SHA512 | e08e735b0df8e4b4985fab3084d5be9d5abe6e8215c5a60002b9080112fec8ecf137246d5e0fb39a9e38af27a7a8ac9e5d0d5e927240f8973ce54da3420e1a6d |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\nl-NL.txtui
| MD5 | 5cc6bfd1f84adcbb9545f57514e2917e |
| SHA1 | d7f94e0049904f5022b2501d3b3592838f74f3c8 |
| SHA256 | 87f0694ad48968ca5f635af0b2176a1fa07bb0912e74878a525f5c0ac11e75f5 |
| SHA512 | b3c236062502b0279a9e337acaf20dca6607c2b0260547b44a0ff6a66a7a40cfa93556f085eafa84247f91f0ae2324d4e32aeb028c45a4865f195ced98a6672f |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ltr\resources.dll
| MD5 | 72dc57d6b0b7a541bbc8f4bed42ba48a |
| SHA1 | 8f1269f8351cc6db6f624d5f4bbd2881ad65a15a |
| SHA256 | 075e253101ba416a8a3b572e08ca5c371a8cd27cf473be319e7cc88982523a00 |
| SHA512 | e198e144ec1043ca1206f65af5c2b46bc8ef4a957c51b89b3d5f74f72f7b1d4d7e2ba765e6e28cead62a4dfe5cce571961366e821504ebab687eea50b7c3c26d |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\ja-JP.txtui
| MD5 | 2ac9c41e7be72ada13001c20a3022802 |
| SHA1 | 10a7b72ec6ceccff31e2cee5248bbc03c542631f |
| SHA256 | 06ec42448bfdbf8d63766bbe8fd8294a2d899b72d017ed1472660d2e28b3721d |
| SHA512 | 0cb97c2231df29b4de7f9835d1ab0a3e41225a38b846668976b5968c50bae2ca2ca3997b1fd27426976135bd3ed1069fa288527513c4fb6cb24c502d22daf6a6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\it-IT.txtui
| MD5 | a5014bcd27fb8bf46992454145fa82bf |
| SHA1 | 0b593e1631f8889bff3843d104eac2e471fc5239 |
| SHA256 | b6747c96bf9d2fd280ccbfe4c8f11502f293eb82f93499135cac5d8ef85750ff |
| SHA512 | 5f9136601e04715271f121258ae603a91bb63acb1a46e065e0a44a96aa61c5c09f8afa0cfb4ed88e77a3e4473ec2e5710af32561deb22c503bf76f59a4bb2c5c |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\el-GR.txtui
| MD5 | 2ca070a7ed7d91b6baf38979d8e76cd2 |
| SHA1 | ea689a87c8fe6f111bcf7b346d93e4e9c1d95dd5 |
| SHA256 | 798db29b0bf9fa369806ad5f9bd48d1b2f32c2792c143724d050771cd374b16c |
| SHA512 | d7c7136d8a0eb96ee9eba56404bf17ad67860cdbddc4668f29c7a66444f8f19f348b5e21b9fa278da88a0bd4b7f91c2ec0d0b7dc287cecee72a63d5af8fe4268 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\de-DE.txtui
| MD5 | 5eb63b027646873e5c3c0ffa1a6e3ec0 |
| SHA1 | 68f8e83c8d97ed0460ecb9d70a1bf9f25cd7b859 |
| SHA256 | b26fad351307301bff6f8632f3612a90f00cf9e4bd5636abad7a9f84a788cf8e |
| SHA512 | 6182ad2d3657664e5d39fa8191468e0594b7a79c543e71e63414ce9cc5f6f95e25204375af3583596d774e6f3d0aa0c0ad915b3f806cf68a05f81fa9c1db951a |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\hu-HU.txtui
| MD5 | a23d96ca0e8babdd67e6768baa6c7158 |
| SHA1 | e879bf1a86f0b9d2fa92f0d2f57771bdb1164eb5 |
| SHA256 | b00d62241bad1f33fc6710468910c2a789e640f99be5361f5ca351893b133761 |
| SHA512 | eb6e90396374c9bd94c60a6ae69c8d1aba056ced80a9e65302cb60075b92041608668c54f27d186ad1b21d66eb65844f43282e6439801350414296546a8f6c0d |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\fr-FR.txtui
| MD5 | 7b9baeef229a87c12b73f29e8b598db6 |
| SHA1 | dd2a247054248d2466885f63e821e2cc01c0f6f9 |
| SHA256 | 7168899eab467f9da09a0ca8090ae2ebcc98798ce943438afbbf4d4ef947c9c5 |
| SHA512 | b6a7e398855c16c7d39ad00bd93422fbc8af18316cf107d94967a2295ddba22dbf3e0905fbd7f328d4345f4e9e0a6c0d3c5b84ddfa91660499bd2539be7a12e6 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\es-ES.txtui
| MD5 | 79303484d4afa7e4f89286ca3fd4841f |
| SHA1 | 9eff33b428a6e8d9f98631932815a98b248bb78e |
| SHA256 | ed7a5d941e172e91f8f2648dcc7927c3fc6fa4bb8c51723ed880573a404b5789 |
| SHA512 | 2d5e51fc37dcda52bde4a5f360a97714faa4acf25903bbf0f71646c36e73566ffbf02a74ec63208e88df22343d4090d5d0fa49250b3b6c918de165355dfaa454 |
C:\Users\Admin\AppData\Local\Temp\RarSFX2\packages\lang\en-US.txtui
| MD5 | a3caadd2145dca3c6ba88ee5db14f53c |
| SHA1 | 1d6ca8db89092655be13dcbdd71abca63cbe6d76 |
| SHA256 | 65e22f722245db258c88750c1a5e3ff31d1ea0831ad0a3e6489885e7c3d6ad6d |
| SHA512 | e4c1b1d4b77e9eef9ec3821e59324e839baece4f759fabbad2bd4f270acb858b2c0a14b2ae28e56aa1212ff75ca07cc100ccd70c24d58ed49a1d392ec4a3c78b |
C:\Users\Admin\AppData\Local\Temp\RarSFX3\packages\data\params.json
| MD5 | 18e8266414333217c3ee3890f08f2b0e |
| SHA1 | 522f2dd954cfc578eab7ab130767a106eefeeb08 |
| SHA256 | ef8c5889b95e2aa2f1369598d8b0c65ccf7b04579821983a6286d686b2c84dd6 |
| SHA512 | 5ed43c1fc64c67d41403b2b3c0bce64aa68415ff0583a354a9802af56e4a16a1761b3f73afc51539c132aec7247d1ce932430411c939b0756510b4905bded0b8 |
C:\Program Files\Bitdefender Agent\27.0.1.266\settings\LoggerConfig.xml
| MD5 | bda7be337da35949bb617c42de5fd811 |
| SHA1 | bf5e6c6a7dc9f9ccdb6207ac0d31a1aa76ec93e6 |
| SHA256 | 54e2f0d07609a40a45bb12d3a271eec1fb9021f62b756a4bdbdc42191fd79dcd |
| SHA512 | 19b96b62a4055bdf254b13acba70fb8a4ec606a45abfe4fbf97c29aeb16a9e12d4e2529339f7571f62558559111f493bc52797388bfe629194cc89fb9d1b275e |
C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentService.exe
| MD5 | 33bc0814d3ea990455a2e956a24fb71a |
| SHA1 | 09f9d7550d82512ddfdba4aafcb538a9eccab342 |
| SHA256 | 79a1b5b25ddac2372655399805ee5f8d770e1083440c67247d7ab5a659909f37 |
| SHA512 | ea5a8cc2cce28e657d776d81e4d9865773eebc473a6052989d6f88b246bb907f9a3f260f7a816d9e30f752738e0fc18126e0b024f8e628422a58141148b5b5d3 |
C:\Program Files\Bitdefender Agent\ProductAgentUI.exe
| MD5 | 47f4ae0cf87bdc54a2ef7c4f4b11737f |
| SHA1 | c3a9389a6614d0127253d5b6092752dd709570e8 |
| SHA256 | af2928fc85499f5e63c78147bc5f971e9155004f557db92a9bf48da6d912431d |
| SHA512 | 676619dc3d1c8f7978760bb5a26df62e87006df8c1aa4e6223204f11563dd284c17921e997fbb4f3923785c507b133dadb4b142467d8d48e5efab3b7f7dbb5cb |
C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.json
| MD5 | bdcf2d58ff16628e5cd7708a446c5f76 |
| SHA1 | e61e02bfdd932ca3b605b1486df3206439e52463 |
| SHA256 | 352766658355f0ffcdab30aa0ecc504f69b4ec5c02240209ee168dcb69c56e91 |
| SHA512 | f4d1a4ffc57d413c053a771356dcbddb5cfadd9692c2813e9cb05067583ede86afa9da590060ac8aa9dfd34e211d6907e85d00ee95099e96b1cdcf7621223ddc |
C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.dll
| MD5 | 3e42b901cb1c89e5994649703aa27d09 |
| SHA1 | 2df41dc5b36165fa2d3d02f2e5eaed6e33f435b8 |
| SHA256 | 3431e5ae5302dc04aecd77b1e52c2783c316a32e90349a8c418fb0e16e53a660 |
| SHA512 | e7ce58642f32bfcedd787d4c512945d2ec0ee445a9a65ede932196ea87395812729dc3fdb0a22fa601ccb73a9372385b8bdc844f65ba61748175213e7f838b64 |
C:\Program Files\Bitdefender Agent\27.0.1.266\bdreinit.exe
| MD5 | 87708aa959b727dcbaf61e1e70e39102 |
| SHA1 | 41742e628b8e5148e7dc79392bb14b51344418ed |
| SHA256 | 6192ff8a25dfe8fe1f8ae025fb727ac29e69dd8f6702e89793ee9c27d09b5109 |
| SHA512 | 0a275257fa5baf92ba982e0d450ed1cd148c106b8a3170f30588df11089cec42b56e2371e62f675db87315622ddcc58bc42798d4927689a8dd4486abc5146b15 |
memory/6528-964-0x000000006EC20000-0x000000006EC30000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87edaf69d9d970699337d9b6b58d9d83 |
| SHA1 | 80911334ef0a2fe3c37b4d64e5e70d8c38f4e38a |
| SHA256 | 0083da9aff056050029af102e4969c85b21dede7398e1747e0d48ce4a004a548 |
| SHA512 | ae3df80c07858747dfe5975ff3d1d30c5c9b90a13be033f9e149ad64613b8bc37da313262edba57e9db6e1b28bad13f1747d75a13abd13000fb275c706ed31b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\9beb6566-41bb-44d3-866e-a4e70712bc21.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
memory/4992-1292-0x000000006EC20000-0x000000006EC30000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d167a0fb1c107b23462f0d8373fcad12 |
| SHA1 | f9fa8d79f0ef27e77d4a9fbb0836a862df897a27 |
| SHA256 | 4ffdbe167ad4d3820be3b0692f45e08115ccb9e9aa86566c7e378fe0349a8864 |
| SHA512 | 8d776d5f0fc5899dd127b9a556fde09ca9a7a043f4080488f064759ae8105c011648108677de237e5cb1276d2a1964a43bd3c11b4884a92236b05269549a9a46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4a0035d05232bc99024f74fba7ee66c |
| SHA1 | 3fff886ad871f9260ea08be046d43aeac38927c8 |
| SHA256 | 690a3335e1f8aff8ebb45d5cc8b5116946358553726a5e6334cefcf8a9484034 |
| SHA512 | 6b2bd32b128de2ceb86d4886ad2bf523f6578be62c23cdcc38c31e231ee87523c95f6aebdced793bab394f937003d955ad85e5ce2db73239ce197c7ce5fa754b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ed4119f9ac075877ee527208199d4ea1 |
| SHA1 | 11d2ae5d8ff4c1423f7f9d55e964610017aeb10b |
| SHA256 | 4ce35b6d34fc4f55e416e6ed61190862c2ea1eda26a58cc78a448a0e4370cb2b |
| SHA512 | 76d7fbe7049604fd4a45097fe62defd7d39b07bcabe12d220a9a9fdcce2fc22140519091cedf89fc1456ab2d51f02d0dc7e0b27efb1e09eff33444d8a1554df0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0bfe6baae0250d225c8ab1c92381b1c0 |
| SHA1 | fa198f896787d6bdf60c75a99b05436aca6d49c9 |
| SHA256 | 5b59cf7f4d19249c39181ced4326fb323b474e3ffba235db8459f1bb29029b84 |
| SHA512 | ea8aa75d6496522d0eceb6b50d1f58cab109c95807d251fe45e68c83ee3b586dc899b1eb838e0b1e4523b76f5f24e2a2c50fc9daa2368eda798e97084e49c8f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 826d35fabe03f3af4f12789cae3f0cd8 |
| SHA1 | cce175ceb4b64b10fdfe75f1ed3a53c14226c858 |
| SHA256 | 356515599861f4cffa7d18238763e4f924cd50bca2c34bcd4a73310ff9bb5769 |
| SHA512 | 04fd9da7d33216a4428c13b1486e87cb9db36a2b4ae5b9c1fe50ff4a1cb2a9eec4db9bde3ea5346ec11a8224824ef8fd01b5cdf61b174c8b17ac9ee75ea6415b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 217dd051b6f254e90426893a97f6b77b |
| SHA1 | eb2f82c112171a5cc193dbb8159c79633d8c309f |
| SHA256 | 813fb5f75784bb15ba21159a5e32b543ceed6b00791e8d5a131f769e31da98df |
| SHA512 | f638457058b3a6a815fd5bbf5afb0847bc9b9c8c56f2e079136bf3dec01f2d9e8bae63ae8e31f140a84cb948eafcb6756585defc5e4919df4fe6f1bb6b6452c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 7531ed65b939aad7b333a3be7af0ef6c |
| SHA1 | 6a8691858d4ec193574885c3cb2a8f57de83b34e |
| SHA256 | f9583cb3becd1ca60fabc71658e4d8423ee5460f90aa0c6c566f64bfb0694b93 |
| SHA512 | 85ea169681bb3a76302b86c80b8c6359c9b8dde14a393dd46b86d574d6752e4c4460260760323f6d65379fb413834bb03401cd68ede8f5bce61335ace216775d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 73dbd45fbc232410338b0d2d66cf14d6 |
| SHA1 | 1418f88ed5d87b8f7bfb283d38e0b16ec114fe7d |
| SHA256 | ccbf262de173078df56f2a6ee85f8cd6e1b6f1b0511415facd2dd0c4e4e0c257 |
| SHA512 | 413f95401be166a03172ac43c38b2829185e006757fb1bd20e36377dc5f146b12b1aa60069a07d383f21cd17ab9781fa1aa74b3178ae4c2fce36e833f20e5cd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | bac15974735ab2d7d72c9892406d1aba |
| SHA1 | 8f575c4b4b1946a92285bf7205f5662b1e9b8ae4 |
| SHA256 | 8129372bdd34b8c26cec8ab49baeda6a9c609e0ff7bda13f1e0b1f6e6b9129de |
| SHA512 | dd60bc8fb43dbc0fb44e563122414b21d07db3254f13d0e154f8f07a110d3375fb5bb02038d69ba408f0b3a5b5c762ca998c19464594f18e055d255fe7fd57d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 31187118da2fb8907abc91e72df0581a |
| SHA1 | 333d1b08540c11d6a15fd112d461eeded9e13fb1 |
| SHA256 | 2972fd5710060d09c511b23187b23510d5d82ed42fd396eeb7db79ff20a40fa5 |
| SHA512 | aa34d94e871e2100a8ce94ab385a31eca55b220b8076623cf63544c3fddbb36e168065d2ecccf4abea2f6cf8991722b1152e4d01826c1dd5645580bd97a7fcd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | cf49a783c060c0a1e8393c818c5bccae |
| SHA1 | 99818422a35535e6af332abfb2df4cc0476564c2 |
| SHA256 | e4147fca737f77b6771a6d65724d1e48fa5047a1bff61245e46e2e6e4cd4b342 |
| SHA512 | bceff1d3af29a0a56013fd8da5f88779ff548f8158d2c728de137a8ed998016049c34027dfaaca35e84d258b39a8e60b09fa08f4260b4688e97f238a7fdda16f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 030c93ef2725c7fafd7497f766137a3e |
| SHA1 | 2ffd893c82c82d073c53b58e4f152fd0b47926fd |
| SHA256 | e759149b8b90b0b82ce9a90e30bfe2c27d8618967489812bc3fe62f11649e255 |
| SHA512 | b96aa7a5e15c760890fadc9e4c4e4ada5e1dbcd729dfe9d89bdbacc4927cc22776472ca4b80c453686adfeeeeb9bea46ee6251b1257324b87e7ef7596bbcf35f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | ba2bb3c4f758cfa68b5498c0cd38fa94 |
| SHA1 | b885775204791088b8893c78038e522663c3faec |
| SHA256 | b37657825ef48137aec40c54e98a7dfdd6fac24b4fde0394b77c45dc1c64d699 |
| SHA512 | 318564333df4454356d6ad36667591433efa1c5e230b729c9275898cadfdbb1383ca4eab16f865c641da7d5745dc9205e8d90a1830af803a294618f168a6323e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | c841f9041cea970e1282f934b173ab76 |
| SHA1 | 1199ba38ad2ad15dda141ace6c1791a92b472e75 |
| SHA256 | 720eea35bd67f18ae094941a27b7fcf47ca7d8058fff3d8c81c84187510a452f |
| SHA512 | afd80e755cdc260f472f721cf5f759b06a30be795680d0c793907ab1dba2d3ad4188a3432760514b38336254258ed67fb461d236086987341f7ffa0163602f44 |
C:\Users\Admin\Downloads\Unconfirmed 37852.crdownload
| MD5 | c7dcd585b7e8b046f209052bcd6dd84b |
| SHA1 | 604dcfae9eed4f65c80a4a39454db409291e08fa |
| SHA256 | 0e8336ed51fe4551ced7d9aa5ce2dde945df8a0cc4e7c60199c24dd1cf7ccd48 |
| SHA512 | c5ba102b12d2c685312d7dc8d58d98891b73243f56a8491ea7c41c2edaaad44ad90b8bc0748dbd8c84e92e9ae9bbd0b0157265ebe35fb9b63668c57d0e1ed5f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f247e2365f635c23820b23297ac5755d |
| SHA1 | d398fb9f6ae1a6cd2cc976f5d5ff1008d5a42233 |
| SHA256 | a08207bd34eea8f3ba5b2b8727fbbb45c1d40771d80628d55ed3c77c493efa0e |
| SHA512 | 68cb650c604a06b9478fe1fd169ee96626186a5ef85486de8fb506007266e0dd9642d1bda381106f2e60608d3338f221110ec5252026b4c322906be5c7a66901 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3822fceb86d2e8b2605fc6b15c601dda |
| SHA1 | bcbe681d0f4ba8a772eef719696a00291df74ec5 |
| SHA256 | 946bca4422b6cacaefb04228a5166ec152c9267afd3df15da39a2ff5c7ee36d9 |
| SHA512 | 40bbba4e049efe12a78dff0fc38238a54f22909ee5239807a45f28efd812ff8e863a946cfb0449fbdb0008e251476f0cb22b42f3ad22a3d1402dd838575bf84d |
memory/6388-1854-0x00000000009C0000-0x00000000009C1000-memory.dmp
memory/6924-1855-0x00000000020C0000-0x00000000020C1000-memory.dmp
memory/6516-1858-0x00000000021F0000-0x00000000021F1000-memory.dmp
memory/3960-1860-0x0000000001F50000-0x0000000001F51000-memory.dmp
memory/5724-1861-0x0000000002200000-0x0000000002201000-memory.dmp
memory/4356-1865-0x0000000000C20000-0x0000000000C21000-memory.dmp
memory/5724-1870-0x0000000013140000-0x000000001320F000-memory.dmp
memory/3960-1873-0x0000000013140000-0x000000001320F000-memory.dmp
memory/4412-1892-0x00000000006D0000-0x00000000006D1000-memory.dmp
memory/5156-1888-0x00000000005B0000-0x00000000005B1000-memory.dmp
memory/3740-1877-0x0000000002070000-0x0000000002071000-memory.dmp
memory/4036-1875-0x0000000000540000-0x0000000000541000-memory.dmp
memory/6924-1874-0x0000000013140000-0x000000001320F000-memory.dmp
memory/6516-1869-0x0000000013140000-0x000000001320F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a08fd5286b661055c645c7a3803dab81 |
| SHA1 | 99339805d05eb297d82d1b559a379037b97da6c9 |
| SHA256 | 138b4a98e597f32cc3f72ae573f4c37a684825508f2e94936ba59c8dc35fe367 |
| SHA512 | b9d65809a0bca3b147b3c8c31864ce2f6c3bf2cbc362a1d96a6973e417cd4a25ee93b634b2034ba672882348fb52ea2b444243fc59c6c7db6caa9cb5a88fb08d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b00fc85fb693ef787abd48efbeff926 |
| SHA1 | 4b518c8d583243ff00a9b0f84d5415309cc99a61 |
| SHA256 | 2be7e5fdb4d6c86ab1ecd6b17c05e5af43f2b5015589a492a9600bc8c85a5675 |
| SHA512 | 96fbd1e9d1f050fe7120b50f05ca8252ca2e13d1d57a241bf372cb0bf47bf0c3f43950868a26bea403a405026971a6a9286adad2ca9ccc768195cc4cf53ff79b |
memory/5156-1998-0x0000000013140000-0x000000001320F000-memory.dmp
memory/2536-2000-0x0000000002300000-0x0000000002301000-memory.dmp
memory/3740-2002-0x0000000013140000-0x000000001320F000-memory.dmp
memory/384-2004-0x0000000001FA0000-0x0000000001FA1000-memory.dmp
memory/6372-2008-0x00000000005C0000-0x00000000005C1000-memory.dmp
memory/4412-2007-0x0000000013140000-0x000000001320F000-memory.dmp
memory/4036-2010-0x0000000013140000-0x000000001320F000-memory.dmp
memory/384-2013-0x0000000013140000-0x000000001320F000-memory.dmp
memory/4328-2014-0x0000000002650000-0x0000000002651000-memory.dmp
memory/2536-2017-0x0000000013140000-0x000000001320F000-memory.dmp
memory/456-2018-0x00000000020F0000-0x00000000020F1000-memory.dmp
memory/6372-2021-0x0000000013140000-0x000000001320F000-memory.dmp
memory/6372-2023-0x00000000005C0000-0x00000000005C1000-memory.dmp
memory/4012-2025-0x0000000002650000-0x0000000002651000-memory.dmp
memory/1220-2026-0x0000000013140000-0x000000001320F000-memory.dmp
memory/2920-2028-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
memory/4328-2030-0x0000000013140000-0x000000001320F000-memory.dmp
memory/4752-2032-0x0000000002210000-0x0000000002211000-memory.dmp
memory/456-2035-0x0000000013140000-0x000000001320F000-memory.dmp
memory/2312-2039-0x0000000001FD0000-0x0000000001FD1000-memory.dmp
memory/4012-2036-0x0000000013140000-0x000000001320F000-memory.dmp
memory/1584-2040-0x0000000002100000-0x0000000002101000-memory.dmp
memory/4752-2043-0x0000000013140000-0x000000001320F000-memory.dmp
memory/2936-2048-0x0000000000730000-0x0000000000731000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1
| MD5 | b4a1a5075da15996485a33dc8d3f5e81 |
| SHA1 | fcb89aae921892f5151baea9c6e73f46de90e2d5 |
| SHA256 | b2d9ec4ba0aa53edcf3d983c016d4ebc808c68f921729be0f5e65c3337ae71bd |
| SHA512 | 085727b83e9d94cfbc109e0ea4d47e953cf91020aad905cd3683ad75d3544eb259c35447a78a66300e2011b1ef524364a32824db07310be71cde8e20fbd4ffee |
memory/7080-2045-0x0000000002210000-0x0000000002211000-memory.dmp
memory/2920-2044-0x0000000013140000-0x000000001320F000-memory.dmp
memory/1460-2075-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
memory/6972-2072-0x00000000005C0000-0x00000000005C1000-memory.dmp
memory/5940-2083-0x0000000001FA0000-0x0000000001FA1000-memory.dmp
memory/3704-2082-0x00000000020C0000-0x00000000020C1000-memory.dmp
memory/4436-2088-0x0000000002210000-0x0000000002211000-memory.dmp
memory/3728-2091-0x0000000002110000-0x0000000002111000-memory.dmp
memory/2448-2095-0x0000000002200000-0x0000000002201000-memory.dmp
memory/6316-2102-0x0000000002300000-0x0000000002301000-memory.dmp
memory/3708-2108-0x0000000000610000-0x0000000000611000-memory.dmp
memory/3204-2110-0x0000000000720000-0x0000000000721000-memory.dmp
memory/2196-2114-0x0000000001FB0000-0x0000000001FB1000-memory.dmp
memory/7328-2117-0x0000000000730000-0x0000000000731000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | bee546932067720b4a9002e9a26a164b |
| SHA1 | 2be592bb197ef9f248441918a1fff1de3f6db11d |
| SHA256 | aa9cd878fd7d36c2bf049a68fe5853a556afc773815a999759b03336ff040b9f |
| SHA512 | baa67d929d1471ab53ae21ea52bbb55836ff0d7243cf8bda678b329322ac79d79f6a129a89ff0254aefc096979f9d926e33683c8e226e766aa39b94c29a020d2 |
memory/7688-2142-0x00000000005B0000-0x00000000005B1000-memory.dmp
memory/7696-2145-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
memory/6972-2153-0x0000000000630000-0x0000000000631000-memory.dmp
memory/8108-2148-0x00000000020B0000-0x00000000020B1000-memory.dmp
memory/7528-2161-0x00000000005D0000-0x00000000005D1000-memory.dmp
memory/5680-2158-0x0000000002200000-0x0000000002201000-memory.dmp
memory/4436-2167-0x00000000020B0000-0x00000000020B1000-memory.dmp
memory/7672-2171-0x00000000021F0000-0x00000000021F1000-memory.dmp
memory/7908-2174-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/8176-2178-0x00000000021D0000-0x00000000021D1000-memory.dmp
memory/6436-2183-0x0000000002110000-0x0000000002111000-memory.dmp
memory/3688-2188-0x0000000001FB0000-0x0000000001FB1000-memory.dmp
memory/6516-2192-0x00000000006B0000-0x00000000006B1000-memory.dmp
memory/7924-2194-0x00000000006E0000-0x00000000006E1000-memory.dmp
memory/1852-2199-0x0000000002110000-0x0000000002111000-memory.dmp
memory/7184-2204-0x0000000000730000-0x0000000000731000-memory.dmp
memory/7724-2208-0x0000000002210000-0x0000000002211000-memory.dmp
memory/2456-2212-0x0000000000710000-0x0000000000711000-memory.dmp
memory/7700-2217-0x0000000001F90000-0x0000000001F91000-memory.dmp
memory/7420-2224-0x0000000002100000-0x0000000002101000-memory.dmp
memory/4896-2231-0x0000000000600000-0x0000000000601000-memory.dmp
memory/7924-2226-0x0000000002100000-0x0000000002101000-memory.dmp
memory/8088-2241-0x0000000001F90000-0x0000000001F91000-memory.dmp
memory/7604-2242-0x00000000020A0000-0x00000000020A1000-memory.dmp
memory/8212-2246-0x0000000000700000-0x0000000000701000-memory.dmp
memory/8404-2249-0x0000000000530000-0x0000000000531000-memory.dmp
memory/8700-2257-0x0000000002100000-0x0000000002101000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 20d8f75605a099564e5d70e22ef29317 |
| SHA1 | 47157567a23467f41a12a06abfef1d505c979d02 |
| SHA256 | e32c98292c726315a887a831cda2934885a981e08d09257448b6c1a5e1a078a9 |
| SHA512 | 465128251c8ef27e3f6baf6c545e920af1f1ea4d33c495bc63dc9024028a87267036f936e427e5e84f3d6a0c6e16d8d61f16681588338302f6138fc4a369007a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e99bff576d3da3b3def32d8da7362a6c |
| SHA1 | 55123895c29ce83771c596e82eb07b2f83046389 |
| SHA256 | b34fd9658c93e59f9c36fc368246b14684e0186ad22294726dc4bcfe04624de1 |
| SHA512 | efd81f6a28ae391683c95e7044fa464eb18a30db1515f6957417b3e5e5eaf42440c0177ef3717f9627bc146c55977e0555d47489506bf7fb25590282145b431f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82de96bfd73d707a313d71c0f3593b78 |
| SHA1 | 5297f682bb43967530db8d50d953b91b54ffc283 |
| SHA256 | 06a3d7336b08355c65182231dba8b6a1d18fa557a1a956d21f7744212cee25d7 |
| SHA512 | 6076cd64840e15dadeb69fcc0b441d59df52bc08f2cc74a4447798f88bb8bdf667e76865a57b9fbd0d7dfcd6bd4d6bb13221b472a7847de096c5af6e32cbbc90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | f67f9e3594643136cd72028e622a3a71 |
| SHA1 | 6957a1c55aa4e91e421707167f6545db63c25b30 |
| SHA256 | b74c18cacef79257dfe7301aaa46ca9381c508d3b6d66d8e498c095d40eebf6a |
| SHA512 | e176e324b2349f62db779fdf4b96f251546f9e3bc1fd01a12687100d32feb3f51a9aaae5074dd677c393c494d145cdf52a6998a7cea1c2725eb63c425ef292fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
| MD5 | b6f7a6b03164d4bf8e3531a5cf721d30 |
| SHA1 | a2134120d4712c7c629cdceef9de6d6e48ca13fa |
| SHA256 | 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39 |
| SHA512 | 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c58e74dd25e53bddaec0becd6e19217d |
| SHA1 | f686a7c4e8321ae1b9cb89b01019dc90680c48a1 |
| SHA256 | f03ab783f1e941595812ac5e508d634f7cdac3e0efce675ac6ce61c8be86cd49 |
| SHA512 | 916b3ec54be55ae9ad7fe1c86a52d9009aec9661fc8ae3a7eba916ef2e02a1701b44dfd7a1a61c8a1d0ae36e0fd40bfb33c21182eee6d43c47c406150374926c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | a8be9714877b4d4cf5fe40c072712d2b |
| SHA1 | 8abc33b346483e8db9a75123e88eca5ab6e0ca72 |
| SHA256 | a21fbcc8e4066edc31ea7007ace0bb78b33ced99fe017aa5defa640013419e80 |
| SHA512 | d6f071c6000630a943ec60f01cfc3f4bca374f455aea8c81363ace1e71eb8a6f1c1fcd6b8767d8854531c6dce4eb2940c6771e614b7d81eaa1ed2036732bdc49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | be4484dd656febae3aeefc965f705ef9 |
| SHA1 | 6b3179e545c0f635bdba7909dfd4a8dbafd7d0a0 |
| SHA256 | 37723e387d5f1517fad2982d1644fc7a11803ee82c1341d016b82899a3b27f0d |
| SHA512 | 1f0caa1b5f66a57c25de8306c0de0052da0548fdfcc0a2678bd7e70e7dca93f561430fd8c586ce8cf7fa75efee073f7ef891cd5b12adee49ffd3933a18f22fba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | aa63e514da738d2d5219e870a38c2855 |
| SHA1 | 6ca49fd9417eba277198f92005e4ec5cfc0b7912 |
| SHA256 | 117e234f8f0336626f4df52a586cea35e9d3ebea32243b28720a08da8483c6d5 |
| SHA512 | c554c98a1a812dbe0bf58c329ba9ad85f5d92a8640fcc45c993a63942f02755b34e1b52a5b7b325d5a0ad7f5b59eacfe33a3009bd4c74b11fb135814ca947e49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5fe343f0ae18f02b6e21039e6f158050 |
| SHA1 | a4d764a5cf9ceb03f63146d32c21f3e3f956d92b |
| SHA256 | 90804c48aeec7384863e0f8ca9cf0bc57aa1ebb647534de956f8993881734ded |
| SHA512 | e7087dab72cc06934fd9b466fdbde4eacd71f6c8e9fa70459172cc2c48770b7feb130cb5c6a305eb8f055d175fbc92ae0116dda99da07bee432cae01df3ea794 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 26792eacb37d8617f21058f9cfe59d66 |
| SHA1 | 7e7ff11c1fe0100c88658e4e88ba80a8bf5a7402 |
| SHA256 | d6482e55cd316fad41b9bb3c09726f6a33875f86f77a4c6f40c9fa8d367eeacd |
| SHA512 | d68edf8a7f612299756c7731b7d7837db22ae5f20930b8642dacc88d20b905dd937012601190d10ba2e0cc3776764c4cd619b995263714c2886e22d78f07775a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4103e74241c487604011c8bb00b3fd07 |
| SHA1 | 9adcae44597ba80e5d056aadda489162baf4d052 |
| SHA256 | 2195448a296a961c6eae89f814ff795c139d77d2ee4297413e95707c7c4b92c7 |
| SHA512 | 1ebd1198ec3f99c3011a7dd83f571353399ff2425c03bc154b0d1bd0eab0e8256769c4072df201a5b57205b66388eb70399a99fcb11c359700b3ef20402fcd7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8bafd8d75c062bb3972d3db751a1ec22 |
| SHA1 | 06d6cc2bc99fb12dd50b3dced21e07a1afb10b4e |
| SHA256 | 85fc53bf82787a37e0b917da22df78060bebb37abd877c8d25646eef59497775 |
| SHA512 | f7918d7ce624e3e165b2ebe9d64dbd2eb4ceb01a89d66414052466e90317df69aacf66d6ef169e0f72d3bc4bde22bf7240c20cc726244eb28b53c10af51a8c45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 2e1c17b489dc444d4d08201af5a68d4c |
| SHA1 | 89e541794a2f36afd3d9b997a608c152360b5786 |
| SHA256 | 521a5442480e6dc4c03e439a8dfdfaca6b7419e5fd11f993fece872d3ce03010 |
| SHA512 | 3e797ac5942d4aac7358752a3a3812f066b68e12ac584a208bc5efa949d3f8282d42d28c6ae53ad43533159361b9fe49ffcc652bfde5ed5aa337200f0e067939 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 2ad260ba17bceefc4ae9d6a7cee2b31b |
| SHA1 | b2419bc711166288e773f88b304ddf50adca6f9f |
| SHA256 | d13ea82cb16336d121aadd7a13f441199b3a4faa3e3d668abe1b7542179f1ab5 |
| SHA512 | ab9392ac5e2368247a9a88fb64152ff3851f05ff170e1c382ff1288f5c6bedc0df51d3cb870a919c3e7efcd7e1c604a520ae1854688776cea5ff504d402aa5e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b2
| MD5 | 352c9d71fa5ab9e8771ce9e1937d88e9 |
| SHA1 | 7ef6ee09896dd5867cff056c58b889bb33706913 |
| SHA256 | 3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61 |
| SHA512 | 6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | b55a2b00473f3f95ad2e40deaa5cc5e2 |
| SHA1 | 7f6eee9938a76df6866dc366b0b43a5b38cb52a1 |
| SHA256 | 20bf4c3551daac982e5e45d9c9a95105660c554619ea66ec5a0a86faf31ba50d |
| SHA512 | 428b01f8a473aadcb9f9089685577991695030cce7fcae96a3f70a518f526c54ee31e5fdd49505a17ae70614d152b3d1b4df77833f85abae47ac19efeaec6f5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 5eb36b2fa45464f5287ed5654b5d8305 |
| SHA1 | 90736116427d2530ed12d77707bf9ca19bc2de5d |
| SHA256 | a34774ed24a5bc14f5eb31ac6e0e9e44b2fce75b431f7562df626126dc31818d |
| SHA512 | f7ed92406ca6b4ee398272282607e532fe20669f2503ab224e341d238322f827404762c890a9ed9efe69fbb7fe8b13486d4c6c76b1da85d4750b1cd52ca4e2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | b793f2687c4379cebe189b310a81c65b |
| SHA1 | 1708d63b8c1645c04b91ea4932465ad4109b6285 |
| SHA256 | 2d76dfed7a54011e975aa2db7bc4be72844ad3c405ac7d6f5f6862a6a69def35 |
| SHA512 | 47bf9966afcc62cba64e0148b08a1edc3e37ab8e804dc5c3e21e3b137a71b759db706a1668869eb454163986e9e5f53a4a230d7110c00abfd6836393a238dd81 |
memory/9196-3150-0x0000000002210000-0x0000000002211000-memory.dmp
memory/11236-3160-0x00000000020C0000-0x00000000020C1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 4613a88442f1665da235920ad9d84135 |
| SHA1 | 3db8e206c4f00bf1c7ddf223c357855f681207a7 |
| SHA256 | d5b9b683d7cd3010d3998fc284cfd782128652b3e1616111f5fe813f449ae063 |
| SHA512 | a777d835aa86edaaed55c42aa004472f4aa4453357d2634dd4968aa50c1a6164c1d7fc5ef8834340faf820bab35921bf231ca49db94ed5a502da173d672ea4f9 |
memory/10112-3163-0x0000000001FD0000-0x0000000001FD1000-memory.dmp
memory/6184-3161-0x0000000002650000-0x0000000002651000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a2e1b06a-5c52-4f37-a6be-dead2012a786.tmp
| MD5 | 8341e9e8ab11ab54004fd8eb98f65d74 |
| SHA1 | c3ac6cd53be87ed3519cd2523aafa6f4e31875ee |
| SHA256 | cdf5ae0c99f6f0df3c9c3d52653130dcf9af81880c03e6fc72c0e3ed1f6abf9f |
| SHA512 | d48a33ea7b7b6d9882424fcb9029ecfb3c6c39701dd71332444d5bf1cec66fbc6253507eedbfedc828ea7a38229dc736970600427bd3ea64efbf09aaf6bb9cd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 53f59976f6b28793a2aab63d69161ab9 |
| SHA1 | 3c77eaa7d71372ae3473bcfa87c5cc15945f307e |
| SHA256 | 488ed4ff7bad9cabb2b0034a437e0ef428ad0e5dde86d793bd56f3a94b45051e |
| SHA512 | db877e495eee5ec27911ccda16507d883878137fe488c233142622573d26252ee0ea17404081b8475482ffeda17b23894304489624f5be2a0b7c09e866ca65c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | 4b0971bb892ec20c6f4c41ebccc7ec80 |
| SHA1 | 6cf608828f4fe9e70bece8371f5ae82239182dc4 |
| SHA256 | 3d5f237a66deb5c6af256959e90da2d3bfc2261e9808906ed6e4157124c7ccc9 |
| SHA512 | a0de04e1b8a7876cf48b7d53b6af6d7e5ce7ac28c2705b2750fcc639bad36853d30d16ed787f7dcf98f9e0a59a3e6eb5dd33c7b5fdc9734155ae3b79bfc32483 |
C:\Windows\Temp\bd_79F4.tmp\loo79F5.tmp
| MD5 | fcaee03e375ed88f91eaea1625d8981f |
| SHA1 | 3d8ced50c9e170316b68167cf333cd0fc7d7a4ea |
| SHA256 | 607ac4ec08217b0ce99e1e5f9b3798b7952ad913c2d58eea4c1595f19ec8f441 |
| SHA512 | c53196ea49136d25df9e1a0ac506ad060c1f0419e832b0dfaad434db4688d6202e9f45ee12056933d7868217c6e06474b4033255a74699f3728c00a5110a6c6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2bc872a2711945484679aa90ecba520f |
| SHA1 | a7550bae9ad616fc7660a0b8fb480a5be2c3ccca |
| SHA256 | 7869187ed975fbfe1590858a9183816b6100e6aa1d74e0539f92fe24803ff675 |
| SHA512 | 2b6c993aada0fb3136089dc935e8c579740aae2ea77cd3e5daea3891160b09c4303c008a6a2dd94f2b4b504c18b6987dc156517eec6c63e60eae050eee08f23c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 563b7c5d50e667577d52cf5f08d380bb |
| SHA1 | e718b57f56e6a0a2cd29c8beb35a85f043398cc3 |
| SHA256 | d44236f0ec75bc42c637ae6a2e8eca5fd3e5b90197fe47fc155f2f783541bde1 |
| SHA512 | 6b4b305f84f4406fa21859ca94a6df4add859c064a8fbb702140019f1a5f39f560ee07e88540cbed5d82a6391991cc379ae5e8317658b377bab7c897b4c19f69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 45a7e49fb040296bbf7cdf3d2c7a9ca4 |
| SHA1 | 29e31b40d2881a9092f4a04c569a6ce7d77cd4cd |
| SHA256 | e4814356486d84ba681ebb1f17cff3ff249cf47e5af9b7e214527cd3159b8a9e |
| SHA512 | 05ef2164b41f660563847d181193eb38461de45e18d4f23f6842c680f459ca76e87f0bbed10209db2ced4413c44561f12a823ff008926754e825fda522866254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 41c49d046abd784f5db06e07c88322de |
| SHA1 | 663e2a4ee99b26d749aaa6659806e1e8b2e87b7d |
| SHA256 | a76faad32d09db01cfb90ec850292721b4be1f7f7caf16d30bae9e38f7acc0f0 |
| SHA512 | a647b39c7804b22a74c5cedf3953a657500c7b04fe10084497148b36e5b880fc334e0e8924f37d4976e95ae4d785a19c38ea46584a167e80187bd14c7d1acb34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\27578007-112c-4c47-aede-c248be905d30.dmp
| MD5 | 307eea67f8c433d1ae6232772f04dbbb |
| SHA1 | b8940671413a439aa9e9409a2fc63d9acb5ccdd7 |
| SHA256 | 5837b9ae5b7db3bb9d558b7e174285711a8d1667223abf82ddac1858137768f9 |
| SHA512 | 163a280c2ead46a1ad83bea6f976a2e8c1aab91c10d3a830319a5cd812c665529d52a5a4ea0238a86279e3ad52abe84e91938aaef8a1b288329759e50160bc03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_
| MD5 | 3ce92b699f345d772328cc041866b552 |
| SHA1 | 79ac3b5f7ab13ae9389249642cf22cdca43065d3 |
| SHA256 | 3821cbf607d8cf1246f542e660bad2afc1b2fe8022650b9a482dc24b3601aa9c |
| SHA512 | 1b0b19e0a26edbb2827fc3915c55500b6856246f1b1c0cd3db332ed0c7b6658277a62b8ea86ee6a4dcf8d1187dfa1ba770ccf4ec067f25f2750802f852fea8b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | e47cf1dedabc0b5ebb1cfba7d1888f4d |
| SHA1 | 641828eaa18fcdca5c32ab80a197530a3aedbb29 |
| SHA256 | acc9d40078a6733b5afd7dd8ef3af1ff4e0a40ad97bf760de0d67ada51abd3cc |
| SHA512 | ac977cd866f5098201b083b5d11a90f3a7fa802c14c6d98ac8621ea6a8d28cbff90c97ccabb8afbfde86016aa51d2f75311f5b9256f863dd6993b8b42e39f4d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f8967e51f1d20122434e3abb56cc0a5c |
| SHA1 | 8a5cfe472eb195d0ddfe7702a7fd109d4c854cbe |
| SHA256 | 35abc3b9e39ff6282971417f3854ae00db6615c38e21b0dedb2eed5d890b60f1 |
| SHA512 | b44c748bcdfdeb09c600d634a412ee9bc2a0bc64c7e9c324fa2dda15b53247b338e7dae4ec8d54d6a45e2dee51fb7366c8477162e4453945bf3fe9dc266587b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 6dece3f2b074a4cb73410a8ca764312d |
| SHA1 | 6917f5f67ecc542c3bf0806c4a207720c115a421 |
| SHA256 | 5b474447d5f4167dc0c15dffd50931f8dcf539c033034d9aaa2dd031f47b0d19 |
| SHA512 | bf25f5054315772db8ad45f96d316f528ac0ac8f14dd47545825003d184a789d879228807d04c1a66fb35452f39bc5acb51b7fa894d46d3977226710ddfe7db9 |