asyncrat | 1d2dd29ed3e57eb0da6ed185cc2ebe7f69985953a3c214c4ba47c4b4e915fec8

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe
Size

21.2MB
MD5

3c31ae3a0e6825a0e37ae6a662ea5afa
SHA1

5fd70780a64c8386e365c598b2e766858967aec5
SHA256

1d2dd29ed3e57eb0da6ed185cc2ebe7f69985953a3c214c4ba47c4b4e915fec8
SHA512

56732de6ed6519fcad796004d195ad042686322928f56cfeacc5b731e1437c205aee9cfb1694ec64629a16b71962a28eb8fdd06c55d0e59cd41b32c34068baf0
SSDEEP

393216:roWcToMPDllAY4l81+I833ZvjG1ZMrCzMjauPIyPQJtAiB:Sp7V4Fb5bG1CM8augyIMi

Score

10^/10

asyncrat blacknet nanocore xmrig bot default evasion execution keylogger miner persistence rat spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

dontreachme3.ddns.net:3603

dontreachme1.ddns.net:3603

Mutex

19a5c2b0-5593-40da-9945-6c6b53e85d75

Attributes

activate_away_mode
false
backup_connection_host
dontreachme1.ddns.net
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2020-11-15T15:45:18.745530536Z
bypass_user_account_control
false
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
clear_access_control
false
clear_zone_identifier
false
connect_delay
4000
connection_port
3603
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
19a5c2b0-5593-40da-9945-6c6b53e85d75
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
dontreachme3.ddns.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
false
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

dontreachme3.ddns.net:3601

dontreachme1.ddns.net:3601

Mutex

AsyncMutex_6SI8OkPnk

Attributes

delay
3
install
false
install_file
EpicGames.exe
install_folder
%AppData%

aes.plain

Extracted

Family

blacknet

Version

v3.7.0 Public

Botnet

Bot

https://furyx.de/panel

Mutex

BN[e5decf896675e5ecc7bbef8ebff8a786]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
50651597687556f33b7fc75d90350b99
startup
false
usb_spread
true

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

BlackNET payload 5 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3416-731-0x0000000000400000-0x000000000041E000-memory.dmp	family_blacknet
behavioral1/memory/3416-725-0x0000000000400000-0x000000000041E000-memory.dmp	family_blacknet
behavioral1/memory/3416-724-0x0000000000400000-0x000000000041E000-memory.dmp	family_blacknet
behavioral1/memory/3416-721-0x0000000000400000-0x000000000041E000-memory.dmp	family_blacknet
behavioral1/memory/3416-719-0x0000000000400000-0x000000000041E000-memory.dmp	family_blacknet

Contains code to disable Windows Defender 5 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
behavioral1/memory/3416-731-0x0000000000400000-0x000000000041E000-memory.dmp	disable_win_def
behavioral1/memory/3416-725-0x0000000000400000-0x000000000041E000-memory.dmp	disable_win_def
behavioral1/memory/3416-724-0x0000000000400000-0x000000000041E000-memory.dmp	disable_win_def
behavioral1/memory/3416-721-0x0000000000400000-0x000000000041E000-memory.dmp	disable_win_def
behavioral1/memory/3416-719-0x0000000000400000-0x000000000041E000-memory.dmp	disable_win_def

Modifies WinLogon for persistence 2 TTPs 10 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

EdgeExplorer.exeNortonInstaller.exeWinExplorer.exeWindowsExplorer.exeFirefoxinstaller.exeEpicGames Service.exeMicrosoft Compatibilitys Telemetry.exeexplorer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\Users\\Admin\\Documents\\EdgeExplorer.exe\""	EdgeExplorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\Users\\Admin\\Documents\\NortonInstaller.exe\""	NortonInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\Users\\Admin\\Documents\\WinExplorer.exe\""	WinExplorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\WINDOWS\\system32\\userinit.exe, \"C:\\explorer\\explorer.exe\""	WindowsExplorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\Users\\Admin\\Documents\\Firefoxinstaller.exe\""	Firefoxinstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\Users\\Admin\\Documents\\EpicGames Service.exe\""	EpicGames Service.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "explorer.exe,\"C:\\Users\\Admin\\Documents\\Microsoft Compatibilitys Telemetry.exe\""	Microsoft Compatibilitys Telemetry.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\explorer\\explorer.exe\""	WindowsExplorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\explorer\\explorer.exe\""	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\WINDOWS\\system32\\userinit.exe, \"C:\\explorer\\explorer.exe\""	explorer.exe

Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

Processes:

Firefoxinstaller.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	Firefoxinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	Firefoxinstaller.exe

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

UAC bypass 3 TTPs 3 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

reg.exeWD+UAC.exereg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WD+UAC.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Windows security bypass 2 TTPs 13 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

EpicGames Service.exeEdgeExplorer.exeWinExplorer.exeNortonInstaller.exeMicrosoft Compatibilitys Telemetry.exeFirefoxinstaller.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe = "0"	EpicGames Service.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths	EpicGames Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\EdgeExplorer.exe = "0"	EdgeExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\WinExplorer.exe = "0"	WinExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\EpicGames Service.exe = "0"	EpicGames Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\NortonInstaller.exe = "0"	NortonInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe = "0"	Microsoft Compatibilitys Telemetry.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe = "0"	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe = "0"	EdgeExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe = "0"	WinExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe = "0"	NortonInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\Firefoxinstaller.exe = "0"	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe = "0"	Microsoft Compatibilitys Telemetry.exe

XMRig Miner payload 8 IoCs

miner

Processes:

resource	yara_rule
C:\Users\Admin\Documents\Microsoft Compatibility Telemetry.exe	family_xmrig
C:\Users\Admin\Documents\Microsoft Compatibility Telemetry.exe	xmrig
behavioral1/memory/3752-773-0x0000000001100000-0x000000000182C000-memory.dmp	xmrig
behavioral1/memory/271176-798-0x00000000003D0000-0x0000000000AFC000-memory.dmp	xmrig
behavioral1/memory/282752-799-0x0000000000820000-0x0000000000F4C000-memory.dmp	xmrig
behavioral1/memory/294124-800-0x00000000011A0000-0x00000000018CC000-memory.dmp	xmrig
behavioral1/memory/343604-803-0x00000000003F0000-0x0000000000B1C000-memory.dmp	xmrig
behavioral1/memory/368792-805-0x0000000000F10000-0x000000000163C000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

WindowsExplorer.exeexplorer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	WindowsExplorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RuntimeBroker = "\"C:\\explorer\\explorer.exe\""	WindowsExplorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RuntimeBroker = "\"C:\\explorer\\explorer.exe\""	explorer.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 27 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exe

pid	process
556	powershell.exe
2392	powershell.exe
2916	powershell.exe
2672	powershell.exe
1120	powershell.exe
2276	powershell.exe
3044	powershell.exe
3040	powershell.exe
2196	powershell.exe
2900	powershell.exe
2652	powershell.exe
2912	powershell.exe
2908	powershell.exe
1504	powershell.exe
2820	powershell.exe
2188	powershell.exe
2336	powershell.exe
2444	powershell.exe
1908	powershell.exe
2992	powershell.exe
2880	powershell.exe
2552	powershell.exe
3068	powershell.exe
2320	powershell.exe
1832	powershell.exe
2524	powershell.exe
1608	powershell.exe

Drops file in Drivers directory 1 IoCs

Processes:

Microsoft Compatibility Telemetry.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\etc\hosts Microsoft Compatibility Telemetry.exe

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	Microsoft Compatibility Telemetry.exe

Drops startup file 13 IoCs

Processes:

EpicGames Service.exeEdgeExplorer.exeWinExplorer.exeMicrosoft Compatibilitys Telemetry.exeMicrosoft Compatibility Telemetry.exeFirefoxinstaller.exeNortonInstaller.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe	EpicGames Service.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe	EdgeExplorer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe	WinExplorer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe	EdgeExplorer.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe	Microsoft Compatibilitys Telemetry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe	Microsoft Compatibilitys Telemetry.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Security.exe	Microsoft Compatibility Telemetry.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe	Firefoxinstaller.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe	EpicGames Service.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe	NortonInstaller.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe	WinExplorer.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe	Firefoxinstaller.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe	NortonInstaller.exe

Executes dropped EXE 64 IoCs

Processes:

tmpB413.tmp.exetmpBA5B.tmp.exeProtonVPN_win_v1.18.5.exeWD+UAC.exeEdgeExplorer.exeEpicGames Service.exeFirefoxinstaller.exeMicrosoft Compatibilitys Telemetry.exeNortonInstaller.exeWinExplorer.exeEdgeExplorer.exeEdgeExplorer.exeWinExplorer.exeNortonInstaller.exeFirefoxinstaller.exeMicrosoft Compatibilitys Telemetry.exeFirefoxinstaller.exeEpicGames Service.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exeEdgeExplorer.exe

pid	process
1724	tmpB413.tmp.exe
400	tmpBA5B.tmp.exe
2356	ProtonVPN_win_v1.18.5.exe
2664	WD+UAC.exe
2740	EdgeExplorer.exe
1008	EpicGames Service.exe
1964	Firefoxinstaller.exe
1216	Microsoft Compatibilitys Telemetry.exe
2104	NortonInstaller.exe
2816	WinExplorer.exe
2788	EdgeExplorer.exe
316	EdgeExplorer.exe
1504	WinExplorer.exe
2200	NortonInstaller.exe
1956	Firefoxinstaller.exe
1512	Microsoft Compatibilitys Telemetry.exe
3416	Firefoxinstaller.exe
1576	EpicGames Service.exe
2616	EdgeExplorer.exe
2240	EdgeExplorer.exe
4408	EdgeExplorer.exe
4416	EdgeExplorer.exe
4480	EdgeExplorer.exe
4504	EdgeExplorer.exe
4512	EdgeExplorer.exe
4532	EdgeExplorer.exe
4540	EdgeExplorer.exe
4576	EdgeExplorer.exe
4584	EdgeExplorer.exe
4600	EdgeExplorer.exe
4608	EdgeExplorer.exe
4624	EdgeExplorer.exe
4632	EdgeExplorer.exe
4648	EdgeExplorer.exe
4656	EdgeExplorer.exe
4664	EdgeExplorer.exe
4672	EdgeExplorer.exe
4680	EdgeExplorer.exe
4688	EdgeExplorer.exe
4696	EdgeExplorer.exe
4704	EdgeExplorer.exe
4716	EdgeExplorer.exe
4724	EdgeExplorer.exe
4736	EdgeExplorer.exe
4744	EdgeExplorer.exe
4752	EdgeExplorer.exe
4760	EdgeExplorer.exe
4768	EdgeExplorer.exe
4776	EdgeExplorer.exe
4788	EdgeExplorer.exe
4796	EdgeExplorer.exe
4808	EdgeExplorer.exe
4816	EdgeExplorer.exe
4824	EdgeExplorer.exe
4832	EdgeExplorer.exe
4840	EdgeExplorer.exe
4848	EdgeExplorer.exe
4856	EdgeExplorer.exe
4864	EdgeExplorer.exe
4872	EdgeExplorer.exe
4880	EdgeExplorer.exe
4888	EdgeExplorer.exe
4896	EdgeExplorer.exe
4904	EdgeExplorer.exe

Loads dropped DLL 37 IoCs

Processes:

tmpB413.tmp.exeProtonVPN_win_v1.18.5.exeFirefoxinstaller.exeWerFault.exeNortonInstaller.exeMsiExec.exeNortonInstaller.exeFirefoxinstaller.exeFirefoxinstaller.exeWerFault.exeWinExplorer.exeMicrosoft Compatibilitys Telemetry.execmd.exeMicrosoft Compatibility Telemetry.exe

pid	process
1724	tmpB413.tmp.exe
2356	ProtonVPN_win_v1.18.5.exe
2356	ProtonVPN_win_v1.18.5.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2540	WerFault.exe
2808	MsiExec.exe
2104	NortonInstaller.exe
1964	Firefoxinstaller.exe
2200	NortonInstaller.exe
2200	NortonInstaller.exe
2200	NortonInstaller.exe
1956	Firefoxinstaller.exe
1956	Firefoxinstaller.exe
1956	Firefoxinstaller.exe
1956	Firefoxinstaller.exe
3416	Firefoxinstaller.exe
3416	Firefoxinstaller.exe
3416	Firefoxinstaller.exe
3512	WerFault.exe
3512	WerFault.exe
1504	WinExplorer.exe
1504	WinExplorer.exe
1512	Microsoft Compatibilitys Telemetry.exe
3512	WerFault.exe
3824	cmd.exe
3824	cmd.exe
3752	Microsoft Compatibility Telemetry.exe
3752	Microsoft Compatibility Telemetry.exe

Windows security modification 2 TTPs 19 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

EpicGames Service.exeNortonInstaller.exeFirefoxinstaller.exeWinExplorer.exeMicrosoft Compatibilitys Telemetry.exeEdgeExplorer.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe = "0"	EpicGames Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\NortonInstaller.exe = "0"	NortonInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Real-Time Protection	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Spynet\SubmitSamplesConsent = "0"	Firefoxinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths	EpicGames Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe = "0"	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\EpicGames Service.exe = "0"	EpicGames Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\WinExplorer.exe = "0"	WinExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe = "0"	Microsoft Compatibilitys Telemetry.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	Firefoxinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe = "0"	NortonInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe = "0"	WinExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\EdgeExplorer.exe = "0"	EdgeExplorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\Documents\Firefoxinstaller.exe = "0"	Firefoxinstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe = "0"	Microsoft Compatibilitys Telemetry.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	Firefoxinstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions	EpicGames Service.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe = "0"	EdgeExplorer.exe

Adds Run key to start application 2 TTPs 17 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Firefoxinstaller.exeEpicGames Service.exeMicrosoft Compatibilitys Telemetry.exeexplorer.exeFirefoxinstaller.exeEdgeExplorer.exeNortonInstaller.exeWindowsExplorer.exeWinExplorer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\<Unknown> = "C:\\Users\\Admin\\Documents\\Firefoxinstaller.exe"	Firefoxinstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\<Unknown> = "C:\\Users\\Admin\\Documents\\EpicGames Service.exe"	EpicGames Service.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Compatibilitys Telemetry.exe = "C:\\Users\\Admin\\Documents\\Microsoft Compatibilitys Telemetry.exe"	Microsoft Compatibilitys Telemetry.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\explorer\\explorer.exe\""	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Firefox.exeI nstaller\\Firefox.exe"	Firefoxinstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\<Unknown> = "C:\\Users\\Admin\\Documents\\EdgeExplorer.exe"	EdgeExplorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\<Unknown> = "C:\\Users\\Admin\\Documents\\NortonInstaller.exe"	NortonInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\Firefoxinstaller.exe = "C:\\Users\\Admin\\Documents\\Firefoxinstaller.exe"	Firefoxinstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\NortonInstaller.exe = "C:\\Users\\Admin\\Documents\\NortonInstaller.exe"	NortonInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\explorer\\explorer.exe\""	WindowsExplorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\explorer\\explorer.exe\""	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\EdgeExplorer.exe = "C:\\Users\\Admin\\Documents\\EdgeExplorer.exe"	EdgeExplorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\EpicGames Service.exe = "C:\\Users\\Admin\\Documents\\EpicGames Service.exe"	EpicGames Service.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinExplorer.exe = "C:\\Users\\Admin\\Documents\\WinExplorer.exe"	WinExplorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\<Unknown> = "C:\\Users\\Admin\\Documents\\Microsoft Compatibilitys Telemetry.exe"	Microsoft Compatibilitys Telemetry.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\<Unknown> = "C:\\Users\\Admin\\Documents\\WinExplorer.exe"	WinExplorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\explorer\\explorer.exe\""	WindowsExplorer.exe

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

WD+UAC.exeNortonInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WD+UAC.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WD+UAC.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	NortonInstaller.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exeProtonVPN_win_v1.18.5.exe

description	ioc	process
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\P:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\Z:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\M:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\Q:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\R:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\U:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\V:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\G:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\H:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\S:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\Y:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\L:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\J:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\T:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\W:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\N:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\X:	ProtonVPN_win_v1.18.5.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service
T1102

Processes:

flow ioc

18 pastebin.com
22 pastebin.com
23 pastebin.com
15 pastebin.com
16 pastebin.com
17 pastebin.com
19 pastebin.com
20 pastebin.com
21 pastebin.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

33 api.ipify.org
32 api.ipify.org

flow	ioc
18	pastebin.com
22	pastebin.com
23	pastebin.com
15	pastebin.com
16	pastebin.com
17	pastebin.com
19	pastebin.com
20	pastebin.com
21	pastebin.com

flow	ioc
33	api.ipify.org
32	api.ipify.org

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

WindowsExplorer.exeexplorer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\	WindowsExplorer.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\	explorer.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

EpicGames Service.exeMicrosoft Compatibilitys Telemetry.exeNortonInstaller.exeEdgeExplorer.exeFirefoxinstaller.exe

pid	process
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe

Suspicious use of SetThreadContext 6 IoCs

Processes:

WinExplorer.exeNortonInstaller.exeFirefoxinstaller.exeMicrosoft Compatibilitys Telemetry.exeFirefoxinstaller.exeEpicGames Service.exe

description	pid	process	target process
PID 2816 set thread context of 1504	2816	WinExplorer.exe	WinExplorer.exe
PID 2104 set thread context of 2200	2104	NortonInstaller.exe	NortonInstaller.exe
PID 1964 set thread context of 1956	1964	Firefoxinstaller.exe	Firefoxinstaller.exe
PID 1216 set thread context of 1512	1216	Microsoft Compatibilitys Telemetry.exe	Microsoft Compatibilitys Telemetry.exe
PID 1956 set thread context of 3416	1956	Firefoxinstaller.exe	Firefoxinstaller.exe
PID 1008 set thread context of 1576	1008	EpicGames Service.exe	EpicGames Service.exe

Drops file in Windows directory 2 IoCs

Processes:

Microsoft Compatibility Telemetry.exe

description	ioc	process
File created	C:\Windows\MicrosoftCompabilityTelemetry.exe	Microsoft Compatibility Telemetry.exe
File opened for modification	C:\Windows\MicrosoftCompabilityTelemetry.exe	Microsoft Compatibility Telemetry.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2540 2664 WerFault.exe WD+UAC.exe
3512 1008 WerFault.exe EpicGames Service.exe
Delays execution with timeout.exe 6 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

2776 timeout.exe
1320 timeout.exe
1576 timeout.exe
2892 timeout.exe
1232 timeout.exe
2460 timeout.exe
Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

3968 reg.exe
1612 reg.exe

pid	pid_target	process	target process
2540	2664	WerFault.exe	WD+UAC.exe
3512	1008	WerFault.exe	EpicGames Service.exe

pid	process
2776	timeout.exe
1320	timeout.exe
1576	timeout.exe
2892	timeout.exe
1232	timeout.exe
2460	timeout.exe

pid	process
3968	reg.exe
1612	reg.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

ProtonVPN_win_v1.18.5.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	ProtonVPN_win_v1.18.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProtonVPN_win_v1.18.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProtonVPN_win_v1.18.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ProtonVPN_win_v1.18.5.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4040 PING.EXE
193188
Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exeschtasks.exe

pid process

193108
4216 schtasks.exe
3396 schtasks.exe

pid	process
4040	PING.EXE
193188

pid	process
193108
4216	schtasks.exe
3396	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

tmpBA5B.tmp.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exeEpicGames Service.exeMicrosoft Compatibilitys Telemetry.exeNortonInstaller.exeEdgeExplorer.exeFirefoxinstaller.exeWinExplorer.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exeWinExplorer.exepowershell.exeMicrosoft Compatibilitys Telemetry.exe

pid	process
400	tmpBA5B.tmp.exe
400	tmpBA5B.tmp.exe
400	tmpBA5B.tmp.exe
2916	powershell.exe
2336	powershell.exe
2392	powershell.exe
2672	powershell.exe
1120	powershell.exe
3044	powershell.exe
1504	powershell.exe
2900	powershell.exe
2444	powershell.exe
1908	powershell.exe
2912	powershell.exe
2652	powershell.exe
1832	powershell.exe
2196	powershell.exe
2820	powershell.exe
2880	powershell.exe
1008	EpicGames Service.exe
1216	Microsoft Compatibilitys Telemetry.exe
2104	NortonInstaller.exe
2740	EdgeExplorer.exe
1964	Firefoxinstaller.exe
2816	WinExplorer.exe
556	powershell.exe
2524	powershell.exe
3068	powershell.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2992	powershell.exe
2816	WinExplorer.exe
2816	WinExplorer.exe
2104	NortonInstaller.exe
2104	NortonInstaller.exe
1964	Firefoxinstaller.exe
1964	Firefoxinstaller.exe
1216	Microsoft Compatibilitys Telemetry.exe
1216	Microsoft Compatibilitys Telemetry.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2188	powershell.exe
1504	WinExplorer.exe
1504	WinExplorer.exe
1504	WinExplorer.exe
3040	powershell.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
1008	EpicGames Service.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
1512	Microsoft Compatibilitys Telemetry.exe
1512	Microsoft Compatibilitys Telemetry.exe
1512	Microsoft Compatibilitys Telemetry.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe
2740	EdgeExplorer.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

NortonInstaller.exeProtonVPN_win_v1.18.5.exe

pid process

2200 NortonInstaller.exe
2356 ProtonVPN_win_v1.18.5.exe

pid	process
2200	NortonInstaller.exe
2356	ProtonVPN_win_v1.18.5.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exetmpBA5B.tmp.exeEdgeExplorer.exeFirefoxinstaller.exeNortonInstaller.exeWinExplorer.exeEpicGames Service.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exepowershell.exeMicrosoft Compatibilitys Telemetry.exepowershell.exepowershell.exemsiexec.exeProtonVPN_win_v1.18.5.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe
Token: SeDebugPrivilege	400	tmpBA5B.tmp.exe
Token: SeDebugPrivilege	2740	EdgeExplorer.exe
Token: SeDebugPrivilege	1964	Firefoxinstaller.exe
Token: SeDebugPrivilege	2104	NortonInstaller.exe
Token: SeDebugPrivilege	2816	WinExplorer.exe
Token: SeDebugPrivilege	1008	EpicGames Service.exe
Token: SeDebugPrivilege	2916	powershell.exe
Token: SeDebugPrivilege	2336	powershell.exe
Token: SeDebugPrivilege	2392	powershell.exe
Token: SeDebugPrivilege	2672	powershell.exe
Token: SeDebugPrivilege	1120	powershell.exe
Token: SeDebugPrivilege	3044	powershell.exe
Token: SeDebugPrivilege	1504	powershell.exe
Token: SeDebugPrivilege	2900	powershell.exe
Token: SeDebugPrivilege	2444	powershell.exe
Token: SeDebugPrivilege	1216	Microsoft Compatibilitys Telemetry.exe
Token: SeDebugPrivilege	1908	powershell.exe
Token: SeDebugPrivilege	2912	powershell.exe
Token: SeRestorePrivilege	2348	msiexec.exe
Token: SeTakeOwnershipPrivilege	2348	msiexec.exe
Token: SeSecurityPrivilege	2348	msiexec.exe
Token: SeCreateTokenPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeAssignPrimaryTokenPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeLockMemoryPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeIncreaseQuotaPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeMachineAccountPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeTcbPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSecurityPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeTakeOwnershipPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeLoadDriverPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSystemProfilePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSystemtimePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeProfSingleProcessPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeIncBasePriorityPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeCreatePagefilePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeCreatePermanentPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeBackupPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeRestorePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeShutdownPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeDebugPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeAuditPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSystemEnvironmentPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeChangeNotifyPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeRemoteShutdownPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeUndockPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSyncAgentPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeEnableDelegationPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeManageVolumePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeImpersonatePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeCreateGlobalPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeDebugPrivilege	2652	powershell.exe
Token: SeCreateTokenPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeAssignPrimaryTokenPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeLockMemoryPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeIncreaseQuotaPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeMachineAccountPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeTcbPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSecurityPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeTakeOwnershipPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeLoadDriverPrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSystemProfilePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeSystemtimePrivilege	2356	ProtonVPN_win_v1.18.5.exe
Token: SeProfSingleProcessPrivilege	2356	ProtonVPN_win_v1.18.5.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

ProtonVPN_win_v1.18.5.exe

pid process

2356 ProtonVPN_win_v1.18.5.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

Firefoxinstaller.exeexplorer.exe

pid process

3416 Firefoxinstaller.exe
3416 Firefoxinstaller.exe
3664 explorer.exe
3416 Firefoxinstaller.exe

pid	process
2356	ProtonVPN_win_v1.18.5.exe

pid	process
3416	Firefoxinstaller.exe
3416	Firefoxinstaller.exe
3664	explorer.exe
3416	Firefoxinstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exetmpB413.tmp.exetmpBA5B.tmp.exeEdgeExplorer.exeFirefoxinstaller.exeEpicGames Service.exeWD+UAC.exe

description	pid	process	target process
PID 1660 wrote to memory of 1724	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpB413.tmp.exe
PID 1660 wrote to memory of 1724	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpB413.tmp.exe
PID 1660 wrote to memory of 1724	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpB413.tmp.exe
PID 1660 wrote to memory of 1724	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpB413.tmp.exe
PID 1660 wrote to memory of 400	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpBA5B.tmp.exe
PID 1660 wrote to memory of 400	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpBA5B.tmp.exe
PID 1660 wrote to memory of 400	1660	3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe	tmpBA5B.tmp.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 1724 wrote to memory of 2356	1724	tmpB413.tmp.exe	ProtonVPN_win_v1.18.5.exe
PID 400 wrote to memory of 2664	400	tmpBA5B.tmp.exe	WD+UAC.exe
PID 400 wrote to memory of 2664	400	tmpBA5B.tmp.exe	WD+UAC.exe
PID 400 wrote to memory of 2664	400	tmpBA5B.tmp.exe	WD+UAC.exe
PID 400 wrote to memory of 2664	400	tmpBA5B.tmp.exe	WD+UAC.exe
PID 400 wrote to memory of 2740	400	tmpBA5B.tmp.exe	EdgeExplorer.exe
PID 400 wrote to memory of 2740	400	tmpBA5B.tmp.exe	EdgeExplorer.exe
PID 400 wrote to memory of 2740	400	tmpBA5B.tmp.exe	EdgeExplorer.exe
PID 400 wrote to memory of 2740	400	tmpBA5B.tmp.exe	EdgeExplorer.exe
PID 400 wrote to memory of 1008	400	tmpBA5B.tmp.exe	EpicGames Service.exe
PID 400 wrote to memory of 1008	400	tmpBA5B.tmp.exe	EpicGames Service.exe
PID 400 wrote to memory of 1008	400	tmpBA5B.tmp.exe	EpicGames Service.exe
PID 400 wrote to memory of 1008	400	tmpBA5B.tmp.exe	EpicGames Service.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1964	400	tmpBA5B.tmp.exe	Firefoxinstaller.exe
PID 400 wrote to memory of 1216	400	tmpBA5B.tmp.exe	Microsoft Compatibilitys Telemetry.exe
PID 400 wrote to memory of 1216	400	tmpBA5B.tmp.exe	Microsoft Compatibilitys Telemetry.exe
PID 400 wrote to memory of 1216	400	tmpBA5B.tmp.exe	Microsoft Compatibilitys Telemetry.exe
PID 400 wrote to memory of 1216	400	tmpBA5B.tmp.exe	Microsoft Compatibilitys Telemetry.exe
PID 2740 wrote to memory of 2916	2740	EdgeExplorer.exe	powershell.exe
PID 2740 wrote to memory of 2916	2740	EdgeExplorer.exe	powershell.exe
PID 2740 wrote to memory of 2916	2740	EdgeExplorer.exe	powershell.exe
PID 2740 wrote to memory of 2916	2740	EdgeExplorer.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1964 wrote to memory of 2820	1964	Firefoxinstaller.exe	powershell.exe
PID 1008 wrote to memory of 2672	1008	EpicGames Service.exe	powershell.exe
PID 1008 wrote to memory of 2672	1008	EpicGames Service.exe	powershell.exe
PID 1008 wrote to memory of 2672	1008	EpicGames Service.exe	powershell.exe
PID 1008 wrote to memory of 2672	1008	EpicGames Service.exe	powershell.exe
PID 2664 wrote to memory of 2540	2664	WD+UAC.exe	WerFault.exe
PID 2664 wrote to memory of 2540	2664	WD+UAC.exe	WerFault.exe
PID 2664 wrote to memory of 2540	2664	WD+UAC.exe	WerFault.exe
PID 2664 wrote to memory of 2540	2664	WD+UAC.exe	WerFault.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2104	400	tmpBA5B.tmp.exe	NortonInstaller.exe
PID 400 wrote to memory of 2816	400	tmpBA5B.tmp.exe	WinExplorer.exe

System policy modification 1 TTPs 1 IoCs
evasion

Modify Registry
T1112

Processes:

WD+UAC.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" WD+UAC.exe
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

pid process

309348
309368

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	WD+UAC.exe

pid	process
309348
309368

C:\Users\Admin\AppData\Local\Temp\3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3c31ae3a0e6825a0e37ae6a662ea5afa_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1660

C:\Users\Admin\AppData\Local\Temp\tmpB413.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpB413.tmp.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\ProtonVPN_win_v1.18.5.exe
"C:\Users\Admin\AppData\Local\Temp\ProtonVPN_win_v1.18.5.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2356

C:\Users\Admin\AppData\Local\Temp\tmpBA5B.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmpBA5B.tmp.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:400

C:\Users\Admin\AppData\Local\Temp\WD+UAC.exe
"C:\Users\Admin\AppData\Local\Temp\WD+UAC.exe"
3⤵
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 616
4⤵
- Loads dropped DLL
- Program crash
PID:2540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
3⤵
- Modifies WinLogon for persistence
- Windows security bypass
- Drops startup file
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2740

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2916

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2196

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1504

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\EdgeExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
4⤵
PID:2832

C:\Windows\SysWOW64\timeout.exe
timeout 1
5⤵
- Delays execution with timeout.exe
PID:1232

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:2788

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:316

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:2240

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4408

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4416

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4480

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4504

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4512

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4532

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4576

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4584

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4600

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4608

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4624

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4632

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4648

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4656

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4664

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4672

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4680

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4688

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4696

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4704

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4724

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4736

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4744

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4752

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4760

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4768

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4776

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4788

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4796

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4808

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4816

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4824

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4832

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4840

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4848

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4856

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4864

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4872

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4880

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4888

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4896

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
- Executes dropped EXE
PID:4904

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4912

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4920

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4928

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4936

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4944

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4952

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4960

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4968

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4976

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4984

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4992

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5000

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5008

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5016

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5024

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5032

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5040

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5048

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5056

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5064

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5072

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5084

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5092

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5100

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5108

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5116

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2104

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2020

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1640

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2904

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1284

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4232

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2564

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1660

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1460

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2600

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3012

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:664

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2456

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2132

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:808

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3036

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2492

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2332

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1264

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2520

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2428

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2320

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2812

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2728

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2996

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3424

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3432

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3440

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3448

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3456

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3464

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3472

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3480

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3488

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3496

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3504

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3524

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3532

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3548

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3556

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3564

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3572

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3580

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3588

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3596

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3604

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3612

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3620

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3628

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3636

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3648

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3656

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3736

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3744

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3860

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3904

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3912

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3924

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3960

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3996

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4008

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4016

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4024

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4032

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4048

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4056

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4068

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4076

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4084

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4092

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:876

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1056

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4104

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4116

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4124

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4132

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4140

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4148

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4160

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4168

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4176

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4180

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4188

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3060

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4212

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:896

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1792

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1232

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2584

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2580

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2228

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1976

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2220

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:836

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1900

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1728

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1204

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:752

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2336

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2696

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1684

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2448

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1860

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:756

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2184

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:352

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2760

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2948

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1268

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:496

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:636

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2064

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1216

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2952

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3076

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3084

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3092

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3100

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3108

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3116

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3124

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3132

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3140

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3148

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3156

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3164

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3172

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3180

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3188

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3196

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3212

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3220

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3228

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3236

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3252

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3260

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3268

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3280

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3288

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3296

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3304

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3320

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3328

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3336

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3344

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3352

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3360

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3020

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1120

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:236

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3204

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4264

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4316

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4336

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4384

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4392

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4400

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4440

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2964

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2628

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2284

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2860

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2312

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4784

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2500

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4556

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4564

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2604

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1696

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:340

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2988

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1712

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2172

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2748

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:840

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3760

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3672

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2508

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2756

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1400

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4224

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3768

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4476

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3732

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3708

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1048

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2296

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:448

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2112

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1556

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3796

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3728

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1476

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3808

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4432

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2444

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3520

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3780

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3840

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4216

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3976

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:692

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:296

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3984

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2936

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2704

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2488

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2480

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2212

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1720

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2292

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2624

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3068

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2484

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1584

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2644

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3064

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4300

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4200

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3876

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3920

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3952

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1852

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1936

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1500

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3972

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3852

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2272

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1464

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4304

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2676

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3368

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2044

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3684

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4452

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4312

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4284

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2912

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3396

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4252

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4260

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1596

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3788

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3668

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1884

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3024

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3688

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3696

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4368

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3384

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2908

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1888

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:948

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2680

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4100

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4344

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5080

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:2888

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4240

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3792

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1780

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4364

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:1608

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:4296

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3828

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3824

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:3868

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5124

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5132

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5140

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5148

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5156

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5164

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5172

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5180

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5188

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5196

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5204

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5212

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5220

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5228

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5236

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5252

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5260

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5268

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5276

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5284

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5292

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5300

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5308

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5316

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5324

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5332

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5340

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5348

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5356

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5364

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5372

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5380

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5388

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5396

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5404

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5412

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5420

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5428

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5436

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5444

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5452

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5460

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5468

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5476

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5484

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5492

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5500

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5508

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5516

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5524

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5532

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5548

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5556

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5564

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5572

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5580

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5588

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5596

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5604

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5612

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5620

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5628

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5636

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5644

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5652

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5660

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5668

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5676

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5684

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5692

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5700

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5708

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5724

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5732

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5740

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5748

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5756

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5764

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5772

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5780

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5788

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5796

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5804

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5812

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5820

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5828

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5836

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5844

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5852

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5860

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5868

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5876

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5884

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5892

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5900

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5908

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5916

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5924

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5932

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5940

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5948

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5956

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5964

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5972

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5980

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5988

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:5996

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6004

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6012

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6020

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6028

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6036

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6044

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6052

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6060

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6068

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6076

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6084

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6092

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6100

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6108

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6116

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6124

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6132

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6140

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6152

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6160

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6168

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6176

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6184

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6192

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6200

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6208

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6216

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6224

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6232

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6240

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6248

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6256

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6264

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6272

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6280

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6288

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6296

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6304

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6312

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6320

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6328

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6336

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6344

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6352

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6360

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6368

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6376

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6384

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6392

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6400

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6408

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6416

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6424

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6432

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6440

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6448

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6456

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6464

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6472

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6480

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6488

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6496

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6504

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6512

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6520

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6528

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6536

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6544

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6552

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6560

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6568

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6576

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6584

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6592

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6600

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6608

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6616

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6624

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6632

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6640

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6648

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6656

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6664

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6672

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6680

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6688

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6696

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6704

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6712

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6720

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6728

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6736

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6744

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6752

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6760

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6768

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6776

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6784

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6792

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6800

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6808

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6816

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6824

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6832

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6840

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6848

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6856

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6864

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6872

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6880

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6888

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6896

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6904

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6912

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6920

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6928

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6936

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6944

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6952

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6960

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6968

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6976

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6984

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:6992

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7000

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7008

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7016

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7024

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7032

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7040

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7048

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7056

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7064

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7072

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7080

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7088

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7096

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7104

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7112

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7120

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7128

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7136

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7144

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7152

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7160

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7172

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7180

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7188

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7196

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7204

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7212

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7220

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7228

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7236

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7252

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7260

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7268

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7276

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7284

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7292

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7300

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7308

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7316

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7324

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7332

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7340

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7348

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7356

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7364

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7372

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7380

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7388

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7396

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7404

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7412

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7420

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7428

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7436

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7444

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7452

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7460

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7468

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7476

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7484

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7492

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7500

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7508

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7516

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7524

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7532

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7548

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7556

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7564

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7572

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7580

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7588

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7596

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7604

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7612

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7620

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7628

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7636

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7644

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7652

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7660

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7668

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7676

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7684

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7692

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7700

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7708

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7724

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7732

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7740

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7748

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7756

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7764

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7772

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7780

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7788

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7796

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7804

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7812

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7820

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7828

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7836

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7844

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7852

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7860

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7868

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7876

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7884

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7892

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7900

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7908

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7916

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7924

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7932

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7940

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7948

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7956

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7964

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7972

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7980

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7988

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:7996

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8004

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8012

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8020

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8028

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8036

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8044

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8052

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8060

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8068

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8076

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8084

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8092

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8100

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8108

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8116

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8124

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8132

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8140

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8148

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8156

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8164

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8172

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8180

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8188

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8200

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8208

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8216

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8224

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8232

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8240

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8248

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8256

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8264

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8272

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8280

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8288

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8296

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8304

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8312

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8320

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8328

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8336

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8344

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8352

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8360

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8368

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8376

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8384

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8392

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8400

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8408

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8416

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8424

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8432

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8440

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8448

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8456

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8464

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8472

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8480

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8488

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8496

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8504

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8512

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8520

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8528

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8536

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8544

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8552

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8560

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8568

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8576

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8584

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8592

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8600

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8608

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8616

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8624

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8632

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8640

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8648

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8656

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8664

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8672

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8680

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8688

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8696

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8704

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8712

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8720

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8728

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8736

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8744

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8752

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8760

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8768

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8776

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8784

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8792

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8800

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8808

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8816

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8824

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8832

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8840

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8848

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8856

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8864

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8872

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8880

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8888

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8896

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8904

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8912

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8920

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8928

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8936

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8944

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8952

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8960

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8968

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8976

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8984

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:8992

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9000

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9008

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9016

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9024

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9032

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9040

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9048

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9056

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9064

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9072

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9080

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9088

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9096

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9104

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9112

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9120

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9128

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9136

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9144

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9152

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9160

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9168

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9176

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9184

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9192

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9200

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9208

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9220

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9228

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9236

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9244

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9252

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9260

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9268

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9276

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9284

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9292

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9300

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9308

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9316

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9328

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9336

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9344

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9352

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9360

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9372

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9380

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9388

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9396

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9404

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9412

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9420

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9428

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9436

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9444

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9452

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9460

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9468

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9476

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9484

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9492

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9500

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9508

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9516

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9524

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9532

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9540

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9548

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9556

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9564

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9572

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9580

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9588

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9596

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9604

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9612

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9620

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9628

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9636

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9644

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9652

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9660

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9668

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9676

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9684

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9692

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9700

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9708

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9716

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9724

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9732

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9740

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9748

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9756

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9764

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9772

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9780

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9788

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9796

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9804

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9812

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9820

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9828

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9836

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9844

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9852

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9860

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9868

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9876

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9884

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9892

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9900

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9908

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9916

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9924

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9932

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9940

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9948

C:\Users\Admin\Documents\EdgeExplorer.exe
"C:\Users\Admin\Documents\EdgeExplorer.exe"
4⤵
PID:9956

C:\Users\Admin\Documents\EpicGames Service.exe
"C:\Users\Admin\Documents\EpicGames Service.exe"
3⤵
- Modifies WinLogon for persistence
- Windows security bypass
- Drops startup file
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1008

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2672

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:556

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EpicGames Service.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1120

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\EpicGames Service.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3044

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
4⤵
PID:1464

C:\Windows\SysWOW64\timeout.exe
timeout 1
5⤵
- Delays execution with timeout.exe
PID:2892

C:\Users\Admin\Documents\EpicGames Service.exe
"C:\Users\Admin\Documents\EpicGames Service.exe"
4⤵
- Executes dropped EXE
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 1776
4⤵
- Loads dropped DLL
- Program crash
PID:3512

C:\Users\Admin\Documents\Firefoxinstaller.exe
"C:\Users\Admin\Documents\Firefoxinstaller.exe"
3⤵
- Modifies WinLogon for persistence
- Modifies Windows Defender Real-time Protection settings
- Windows security bypass
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1964

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2820

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2188

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefoxinstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2880

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\Firefoxinstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2992

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
4⤵
PID:2020

C:\Windows\SysWOW64\timeout.exe
timeout 1
5⤵
- Delays execution with timeout.exe
PID:1576

C:\Users\Admin\Documents\Firefoxinstaller.exe
"C:\Users\Admin\Documents\Firefoxinstaller.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
PID:1956

C:\Users\Admin\Documents\Firefoxinstaller.exe
"C:\Users\Admin\Documents\Firefoxinstaller.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3416

C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe
"C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe"
3⤵
- Modifies WinLogon for persistence
- Windows security bypass
- Drops startup file
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1216

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2652

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2912

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Compatibilitys Telemetry.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
PID:2320

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:2524

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
4⤵
PID:908

C:\Windows\SysWOW64\timeout.exe
timeout 1
5⤵
- Delays execution with timeout.exe
PID:2776

C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe
"C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1512

C:\Users\Admin\Documents\Microsoft Compatibility Telemetry.exe
"C:\Users\Admin\Documents\Microsoft Compatibility Telemetry.exe"
5⤵
- Drops file in Drivers directory
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:3752

C:\Windows\SysWOW64\reagentc.exe
reagentc.exe /disable
6⤵
PID:3368

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\
6⤵
- Command and Scripting Interpreter: PowerShell
PID:2908

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming
6⤵
- Command and Scripting Interpreter: PowerShell
PID:1608

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExtension exe
6⤵
- Command and Scripting Interpreter: PowerShell
PID:2276

C:\Windows\SysWOW64\schtasks.exe
schtasks.exe /Create /SC ONLOGON /RU "NT Authority\System" /TR C:\Windows\MicrosoftCompabilityTelemetry.exe /TN MicrosoftCT
6⤵
- Scheduled Task/Job: Scheduled Task
PID:3396

C:\Users\Admin\Documents\NortonInstaller.exe
"C:\Users\Admin\Documents\NortonInstaller.exe"
3⤵
- Modifies WinLogon for persistence
- Windows security bypass
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2104

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:1832

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:3040

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NortonInstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:3068

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\NortonInstaller.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
PID:2552

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
4⤵
PID:836

C:\Windows\SysWOW64\timeout.exe
timeout 1
5⤵
- Delays execution with timeout.exe
PID:1320

C:\Users\Admin\Documents\NortonInstaller.exe
"C:\Users\Admin\Documents\NortonInstaller.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam
PID:2200

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "LAN Subsystem" /xml "C:\Users\Admin\AppData\Local\Temp\tmpC60.tmp"
5⤵
- Scheduled Task/Job: Scheduled Task
PID:4216

C:\Users\Admin\Documents\WinExplorer.exe
"C:\Users\Admin\Documents\WinExplorer.exe"
3⤵
- Modifies WinLogon for persistence
- Windows security bypass
- Drops startup file
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2816

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2336

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2392

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2444

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Documents\WinExplorer.exe" -Force
4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1908

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
4⤵
PID:2728

C:\Windows\SysWOW64\timeout.exe
timeout 1
5⤵
- Delays execution with timeout.exe
PID:2460

C:\Users\Admin\Documents\WinExplorer.exe
"C:\Users\Admin\Documents\WinExplorer.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1504

C:\Users\Admin\Documents\WindowsExplorer.exe
"C:\Users\Admin\Documents\WindowsExplorer.exe"
5⤵
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Adds Run key to start application
- Modifies WinLogon
PID:3676

C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
6⤵
PID:3712

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
7⤵
- UAC bypass
- Modifies registry key
PID:3968

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
6⤵
- Loads dropped DLL
PID:3824

C:\Windows\SysWOW64\PING.EXE
PING 127.0.0.1 -n 2
7⤵
- Runs ping.exe
PID:4040

C:\explorer\explorer.exe
"C:\explorer\explorer.exe"
7⤵
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Adds Run key to start application
- Modifies WinLogon
- Suspicious use of SetWindowsHookEx
PID:3664

C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
8⤵
PID:3884

C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
9⤵
- UAC bypass
- Modifies registry key
PID:1612

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:2348

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 15D0277DD9B6520EA41BC1AD2442320E C
2⤵
- Loads dropped DLL
PID:2808

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2356\dialog
Filesize
26KB

MD5
8a372c8339a8facc35088ce99a977d96

SHA1
bf83cad6c9ef75277ed308a6999a08491df106ef

SHA256
6a9f617ad2117b3756188ff46ae14e43981f0672904d68b9ba0b9c5ab3525ecf

SHA512
f23c3a0427b743061cfffc0310d97f7d62bf152e0acc3f13076f4c75ee653ef327ebb6a8f1b0553e7bddfe129b7261f061865b35791109a5ca08c4e00c73c1c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCC47.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI4C9.tmp
Filesize
381KB

MD5
1784f93d75b7bb91d6d0f8b58dc4c8a5

SHA1
0687632aaea1b8e8f5ae3a571c38f8231b7ebd6b

SHA256
12e19e33cac72fc0bc613de6b971075596df231ec52c063711edff4672da530c

SHA512
00501e54c0d7e4ccba3c307567f9b68a590738ac8d07a685de3c334f468cbc52631c038b79a6868caf7bfa65386580462f530317f85512db8f545919105975a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE25A.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WD+UAC.exe
Filesize
97KB

MD5
77796247470714fe3672f805d5ff6903

SHA1
1aca720af56f7120cbb923c5bd7ac877bcd834e6

SHA256
dfb39aae10f9924bf6658a9c16451968f8f677fde6d66f02269d3a9be106e0c5

SHA512
71118f3d837c10f813369203f0a58b9a0861b5981d47860d6f83227e56278f09d00ce8ae8c5c75fa442eeb79c3601eefcee50e91e4009d7902ea7c9be4bc49ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.bat
Filesize
127B

MD5
80b32b79bf519fce07cdf7b8b7881067

SHA1
2fe368e8f5855ef5f08c46f389bf3b5482ace60b

SHA256
8ed98d8b82c482aaa79a8ea2f1aaea676c5641d69f2478ba7f241e990d5d99b1

SHA512
dc7b986bd5de842d8beb315dea77a424194701b6272cac884dd31cd04586879fa93f3d1f44ec9ca01625b31115b00a2b5fe5028baef7d9ab277881653cab116e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB413.tmp.exe
Filesize
15.4MB

MD5
4328c8add156ae46095b9dca33124965

SHA1
5619d8300ae539380e6e8f9bd162c4b1e2a758a3

SHA256
c721819731018c283a7349f78b70490b226a7910d22d7ed3c6a9f290add5b38a

SHA512
bfefb038568b70adba5aff2daead04e2ca584f66ca4b24b3ec916c5973f322d4700f305d78715283ee851509d3b254719d61d33568f3cb63a0829f154fa39471

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBA5B.tmp.exe
Filesize
5.8MB

MD5
fdd4d52bbb965c0bbf636127143f47e1

SHA1
9ec40fb93806d2eb78ce5521d049169949a7e542

SHA256
165e41f653679302af8c4cd10153a1910afa48f785291825bf0f53e79424fe41

SHA512
abfe680f13cf4ff8d5255fe2f3f8cef173df3be62f96a4387ae61445653018628c360d15b77473a27b4c0704e2f04cb079c0e105b7297830dd66282a5055c465

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FFAFEA09-E7DA-4710-A278-7F0506C96829}\6C96829\ProtonVPN_win_v1.18.5.msi
Filesize
10.0MB

MD5
a60dd28d024fcf9e8a6127ebc48607d3

SHA1
08c0f02a46a11b26def6a4904f4b23e3e5eab0a4

SHA256
88d69e7711dfea37fe593fdf1b98c7648eb96a85e44bf0aa42dc038f192107e3

SHA512
3d6dfd48bc3650022be30bca4148b15f081005be7bf32872ac35a7c642641b56b05f59429245fd5b7870024b7a5d830cbebbb80776078a08a99034724b4582d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FFAFEA09-E7DA-4710-A278-7F0506C96829}\decoder.dll
Filesize
182KB

MD5
98c6c9d8f62c556e0de37ed9b6b09f9c

SHA1
3cbd11ded91c511f2f0f752541fab831d03d4f13

SHA256
7b90f9f0879d1b1b8d1ea396a0ad2684971b2b1d2303eee8b54d8294246f9440

SHA512
0897841429087873ddf2a0b3283d1ca582333ecf60f376ce06220a33e778d513a589be52473ae11c7ae474039925b434c99cd286eb250225075777446687cc3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
Filesize
7KB

MD5
05e5d21fcd2bf82ca5f11d3e032b4180

SHA1
170182fbd81b25668b84c14c24c349dd0a267f38

SHA256
8af4cf94bed5cac0e1fccd3dfd501c65a2a80cbfde7b9124d63bde59db64097e

SHA512
6f91463c271710d94ec34600f3fb567565e1a1db11efb0cc7be847176bfd02be9d9c6001a70682bbb61eaf19b04325ecf8f1d15495021483f8c034c567b0f305

Download Submit
C:\Users\Admin\Documents\EdgeExplorer.exe
Filesize
1.3MB

MD5
824438344c636fdd81ff2e0d02577912

SHA1
ae288a2cc5bd0cce01615d8d568031c3e84902e2

SHA256
eaba5f0fb075665dc6568f05f66a271b0a03046da739d41de5920d78c40deb65

SHA512
09f1903c6244af5f191e64e9ff6025af6a1c752096b48d43094e5eb6f92c00a77381b49dd6d0d57fc995d4bc4a8375f0ef13d2a9cbc823e3d91b6b9f418b568b

Download Submit
C:\Users\Admin\Documents\EpicGames Service.exe
Filesize
1.1MB

MD5
b117965f227519eb5c8d6e86bc2dd2a4

SHA1
e1d80bd0958b69cc73eaf1ee26aa816f795aad63

SHA256
f8cfedc4ecdfa6a3e14f46968b5a8e6797a448b0d30f12015cd721121470fcfd

SHA512
728252062ff056079c811cfd42c52971b55e96771ecbd911c49f01c94927a1259ab96c2079e78aced2cae737302401889a3fda52c91d0eccc3719f24d17c177f

Download Submit
C:\Users\Admin\Documents\Firefoxinstaller.exe
Filesize
1.5MB

MD5
70d3bb5c6ca4166d190ad265b14f117e

SHA1
95497e892ee875ef226edf3db059121c2c5284ed

SHA256
7d8f13128ef978852b8a1446bba4f9c9dea53cbcd1fcedc08b2054cbe8b0e5d9

SHA512
0abff26122a137960f1d4564828b1456d0bdff68c87d120c3514cc2c819038d0c6c34398f67377898058b6e8d08f4676393831c413d80181786e459ef4d01720

Download Submit
C:\Users\Admin\Documents\Microsoft Compatibility Telemetry.exe
Filesize
7.1MB

MD5
006dfcd7f4d12929d5074900bf00dc22

SHA1
d8010282f5afad78f03871a8040feebb18253284

SHA256
02aa35eaff80eeb6d4bb7a773fdeac11aa9224e6c45a7af66fa1457f2662e4f0

SHA512
0d6794eba62e63ba7d6f905fdfdeb1f50c418c70b3efed5be7eab853123da5ae5959a06682b369bbe29ceb1226504476096e2fe32edff9bf251747d151a59934

Download Submit
C:\Users\Admin\Documents\Microsoft Compatibilitys Telemetry.exe
Filesize
21.4MB

MD5
e784df27426bef5378a6bcfc425acca8

SHA1
7da2e99357435e829444bb4e213738503f4c4b43

SHA256
8fc8e3f97a795ba56b3795dfc34495b0ff22cea8392197a4f0e3c97d9ca00e7d

SHA512
5dfd0838dcf47642f1f958a95301aa2a1f382c921458b8e66987d0bc6e86ebca12f9ca0c8cab158f8c8cb66dc3c57422157eb3ff26e33c11274785f27e60fca0

Download Submit
C:\Users\Admin\Documents\NortonInstaller.exe
Filesize
2.1MB

MD5
d2fe1a2f73303d37c178250add341b97

SHA1
e341e8adaec629d299101bbf1b9a3ca2bfaf7417

SHA256
26742bef88539fcb6beb9753293a4fef4044663cfcb0a799e989194fcdfd3456

SHA512
0c685c265ed28f7655bf27c1a5c1f735670df40ae6e4b835bac3cc62b63b8fe54af82ab0941ca988b1c3220e740c0b2508103a1736b72a79a27ea17bf9a1bc81

Download Submit
C:\Users\Admin\Documents\WinExplorer.exe
Filesize
1.0MB

MD5
3830fb01bdf4b41e2e9551d422caf795

SHA1
d63a892fc41d2be82de8d02a04b906a8595dcac9

SHA256
6c07127df2ebac66a59a3bc4157a891def20b61d87cf2d206353025893d01422

SHA512
5f2c54bd05b2fe4109b66e3721a19cd533899c3c694ca3a51422cb5d4015d536b96d0e16ea1f5ed8a43dc6d3e690a1702351034f3a68765d6dc6b16983c19886

Download Submit
C:\Users\Admin\Documents\WindowsExplorer.exe
Filesize
92KB

MD5
01ccde20287004986c0f29ff0df2e3b1

SHA1
18f9831e3246a08f000b0f4d6f009f2294c7c652

SHA256
862e652677b7a597b24efc1bdb16030ed8512a8e262050a4b40a829b58855860

SHA512
785545dcb74ca29b405261931be0464e65aadc84ebf51e7ad62af709b3867c3a706c9b4efc1e7f922e90c301ff0944feb2dbe6a790db7ac0ba4215b75fde86ee

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\ProtonVPN_win_v1.18.5.exe
Filesize
15.3MB

MD5
262b6d09ac1b4c02b38abde0e272c833

SHA1
f99ee3f05216f764f536c2e8aeeb70d6a7f7dd72

SHA256
5a29fed9209c85b1417f4a0efdf10f2779a5b838f8eccdb28cf3555a64e1ba6f

SHA512
75ed8c44a429572cbff9e0afdb0924f80c03f0b249da857a935b30f89fbeb4f4e04faa7f2c89e37a1ff718df01e648c90716fe7f501a65f3215237a11c98cc91

Download Submit
memory/400-19-0x0000000001120000-0x00000000016FA000-memory.dmp

Filesize
5.9MB

Download
memory/1008-99-0x00000000004D0000-0x0000000000500000-memory.dmp

Filesize
192KB

Download
memory/1008-71-0x0000000000CA0000-0x0000000000DB4000-memory.dmp

Filesize
1.1MB

Download
memory/1216-118-0x0000000001330000-0x00000000028A6000-memory.dmp

Filesize
21.5MB

Download
memory/1216-170-0x000000000B460000-0x000000000B76A000-memory.dmp

Filesize
3.0MB

Download
memory/1504-311-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1504-334-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1504-313-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1504-309-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1504-315-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1504-316-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1504-328-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1504-307-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1512-353-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1512-367-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1512-351-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1512-349-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1512-347-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1512-343-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1512-354-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1512-365-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/1576-746-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1660-2-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

Filesize
9.6MB

Download
memory/1660-1-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

Filesize
9.6MB

Download
memory/1660-15-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

Filesize
9.6MB

Download
memory/1660-0-0x000007FEF657E000-0x000007FEF657F000-memory.dmp

Filesize
4KB

Download
memory/1724-9-0x0000000074CFE000-0x0000000074CFF000-memory.dmp

Filesize
4KB

Download
memory/1724-16-0x0000000000960000-0x00000000018BE000-memory.dmp

Filesize
15.4MB

Download
memory/1956-374-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1956-339-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1956-341-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1956-342-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1956-344-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1956-337-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1956-514-0x00000000003A0000-0x00000000003AA000-memory.dmp

Filesize
40KB

Download
memory/1956-335-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1956-332-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1964-97-0x0000000000A20000-0x0000000000A60000-memory.dmp

Filesize
256KB

Download
memory/1964-96-0x0000000001260000-0x00000000013F0000-memory.dmp

Filesize
1.6MB

Download
memory/2104-144-0x0000000000880000-0x00000000008D4000-memory.dmp

Filesize
336KB

Download
memory/2104-135-0x0000000001190000-0x00000000013B4000-memory.dmp

Filesize
2.1MB

Download
memory/2200-772-0x00000000005B0000-0x00000000005BA000-memory.dmp

Filesize
40KB

Download
memory/2200-325-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2200-774-0x00000000005C0000-0x00000000005DE000-memory.dmp

Filesize
120KB

Download
memory/2200-775-0x00000000007F0000-0x00000000007FA000-memory.dmp

Filesize
40KB

Download
memory/2200-331-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-317-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-319-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-321-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-330-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-323-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2200-326-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2320-234-0x0000000077A60000-0x0000000077B7F000-memory.dmp

Filesize
1.1MB

Download
memory/2320-235-0x0000000077960000-0x0000000077A5A000-memory.dmp

Filesize
1000KB

Download
memory/2320-236-0x0000000002E40000-0x0000000003A8A000-memory.dmp

Filesize
12.3MB

Download
memory/2664-47-0x0000000000DA0000-0x0000000000DC2000-memory.dmp

Filesize
136KB

Download
memory/2664-62-0x0000000000390000-0x0000000000396000-memory.dmp

Filesize
24KB

Download
memory/2740-98-0x0000000000470000-0x00000000004A6000-memory.dmp

Filesize
216KB

Download
memory/2740-57-0x0000000000320000-0x0000000000466000-memory.dmp

Filesize
1.3MB

Download
memory/2816-148-0x0000000000950000-0x0000000000A5C000-memory.dmp

Filesize
1.0MB

Download
memory/2816-152-0x0000000000310000-0x000000000033E000-memory.dmp

Filesize
184KB

Download
memory/3416-721-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3416-717-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3416-731-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3416-715-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3416-724-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3416-725-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3416-719-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3752-773-0x0000000001100000-0x000000000182C000-memory.dmp

Filesize
7.2MB

Download
memory/259620-797-0x0000000000E40000-0x0000000000E68000-memory.dmp

Filesize
160KB

Download
memory/271176-798-0x00000000003D0000-0x0000000000AFC000-memory.dmp

Filesize
7.2MB

Download
memory/282752-799-0x0000000000820000-0x0000000000F4C000-memory.dmp

Filesize
7.2MB

Download
memory/294124-800-0x00000000011A0000-0x00000000018CC000-memory.dmp

Filesize
7.2MB

Download
memory/343604-803-0x00000000003F0000-0x0000000000B1C000-memory.dmp

Filesize
7.2MB

Download
memory/368792-805-0x0000000000F10000-0x000000000163C000-memory.dmp

Filesize
7.2MB

Download