Overview

overview

8

Static

static

3

Xeno-v1.0.5-x64.zip

windows7-x64

1

Xeno-v1.0.5-x64.zip

windows10-2004-x64

8

Resubmissions

21/09/2024, 22:06

240921-1z6b5awgnn 8

21/09/2024, 22:05

240921-1zty4awglr 3

21/09/2024, 22:05

240921-1zqxfawgjc 6

21/09/2024, 21:52

240921-1rgzkawcrl 8

21/09/2024, 21:52

240921-1rav9awcqm 6

21/09/2024, 21:43

240921-1lcgwsvhnc 3

21/09/2024, 21:43

240921-1k2emawakn 6

21/09/2024, 21:42

240921-1ks39avhkg 6

21/09/2024, 21:34

240921-1eswasvfrl 6

Analysis

  • max time kernel
    1799s
  • max time network
    1693s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2024, 22:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Xeno-v1.0.5-x64.zip

  • Size

    4.1MB

  • MD5

    2082fb4c91583ef7c09766de61cdd1f2

  • SHA1

    6bbc4f900c3df27731b00c9d57e3327d0e5c9199

  • SHA256

    a19dc47dbaad01da2e029f993f013e3abc77cab80813bbb65fb3348226a938d5

  • SHA512

    8ba3c313045933729ab6114aa5ce206d3f78c738bab78f7805a8123e954e32098a746559474cc7be587646d15fa223ad0c5aefd27dabec3a339f9cab65c78b06

  • SSDEEP

    98304:4/eSPHy20NL9Cteaqxt5JwlVLnwphakez+XnDHS9aIhcewTvZRirOFRXLNt+zst:4WSfy1l9UeaSt5J4uhJeSLSZhQBRiiF3

Score
8/10
adwarediscoveryevasionpersistenceprivilege_escalationstealertrojan

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Downloads MZ/PE file
  • Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 17 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Checks system information in the registry 2 TTPs 36 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 10 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 43 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64.zip
    1⤵
      PID:2804
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd068846f8,0x7ffd06884708,0x7ffd06884718
        2⤵
          PID:4976
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
          2⤵
            PID:4612
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2888
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
            2⤵
              PID:1436
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:2464
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                2⤵
                  PID:2536
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
                  2⤵
                    PID:3680
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2864 /prefetch:1
                    2⤵
                      PID:1648
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
                      2⤵
                        PID:964
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2064
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
                        2⤵
                          PID:1192
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
                          2⤵
                            PID:368
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
                            2⤵
                              PID:944
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                              2⤵
                                PID:1064
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:8
                                2⤵
                                  PID:2652
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5436 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4416
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                                  2⤵
                                    PID:2848
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                                    2⤵
                                      PID:4240
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                                      2⤵
                                        PID:4452
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
                                        2⤵
                                          PID:5220
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                          2⤵
                                            PID:5492
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
                                            2⤵
                                              PID:5500
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3024 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2192
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
                                              2⤵
                                                PID:2804
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6248 /prefetch:8
                                                2⤵
                                                  PID:5648
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                                                  2⤵
                                                    PID:5268
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6404 /prefetch:8
                                                    2⤵
                                                      PID:5220
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:3440
                                                    • C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                                                      "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:5516
                                                      • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
                                                        3⤵
                                                        • Event Triggered Execution: Image File Execution Options Injection
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:736
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:5464
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          • Modifies registry class
                                                          PID:5608
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:5632
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:944
                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.19\MicrosoftEdgeUpdateComRegisterShell64.exe"
                                                            5⤵
                                                            • Executes dropped EXE
                                                            • Loads dropped DLL
                                                            • Modifies registry class
                                                            PID:2584
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI3MDcxOUMtMTYwNS00MEZBLTk1RjItNUQzMzlGNjdGQ0Q3fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezk3NkI5MTYzLTU1RUQtNEI0Qy05QkIzLTFERTUyOTQ2NkUzQn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE1IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzE0MDY1MDEwMyIgaW5zdGFsbF90aW1lX21zPSI3NzgiLz48L2FwcD48L3JlcXVlc3Q-
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • System Location Discovery: System Language Discovery
                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                          PID:1652
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{2270719C-1605-40FA-95F2-5D339F67FCD7}" /offlinedir "{137AFD3F-C583-414B-BE9A-462F61BE6225}"
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5728
                                                    • C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                                                      "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
                                                      2⤵
                                                      • Executes dropped EXE
                                                      • Drops file in Program Files directory
                                                      • System Location Discovery: System Language Discovery
                                                      PID:3848
                                                      • C:\Program Files (x86)\Microsoft\Temp\EU2835.tmp\MicrosoftEdgeUpdate.exe
                                                        "C:\Program Files (x86)\Microsoft\Temp\EU2835.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
                                                        3⤵
                                                        • Checks computer location settings
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Checks system information in the registry
                                                        • System Location Discovery: System Language Discovery
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:1880
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          PID:3856
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzdFMUE4MUEtRjAwRC00MEMwLUE1M0ItMjA3NzQ2QTZFNzM2fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezFBQkVCNzUwLTU5NzYtNDRDMi04MDM4LTU2RUI2RUM4N0RFRX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzIyMjIyODQ5MyIgaW5zdGFsbF90aW1lX21zPSI0NyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Checks system information in the registry
                                                          • System Location Discovery: System Language Discovery
                                                          • System Network Configuration Discovery: Internet Connection Discovery
                                                          PID:4304
                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{C7E1A81A-F00D-40C0-A53B-207746A6E736}" /offlinedir "{8D1648EC-498A-48CD-8D1E-DBC79E7ACB8F}"
                                                          4⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • System Location Discovery: System Language Discovery
                                                          PID:2380
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
                                                      2⤵
                                                        PID:3464
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                                                        2⤵
                                                          PID:4788
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4660 /prefetch:8
                                                          2⤵
                                                            PID:640
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,7980607021183304714,14322211782987691567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:816
                                                          • C:\Users\Admin\Downloads\Xeno.exe
                                                            "C:\Users\Admin\Downloads\Xeno.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:912
                                                          • C:\Users\Admin\Downloads\Xeno.exe
                                                            "C:\Users\Admin\Downloads\Xeno.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:4360
                                                          • C:\Users\Admin\Downloads\Xeno.exe
                                                            "C:\Users\Admin\Downloads\Xeno.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            PID:2588
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:2056
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:2396
                                                            • C:\Windows\System32\rundll32.exe
                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                              1⤵
                                                                PID:3752
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks system information in the registry
                                                                • System Location Discovery: System Language Discovery
                                                                PID:2972
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI3MDcxOUMtMTYwNS00MEZBLTk1RjItNUQzMzlGNjdGQ0Q3fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OERFRTJBOUYtODE0Qy00MTIwLUFBMDYtMkE3MDkyNzUyOEUwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90Oy9yMjUycCs2Ylo0b2lURnM1WTF3dCt4c3BlWlgzWUNDNi9MNlo2UEl1ZWM9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI1MCIgaW5zdGFsbGRhdGV0aW1lPSIxNzIyNjAyNjYyIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzNjcwNzUyODYxNDQyNzM1Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjExNDMyNSIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzE1MDI2NzE5NiIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:440
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:5856
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\EDGEMITMP_46FCB.tmp\setup.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\EDGEMITMP_46FCB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                    3⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    PID:3336
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\EDGEMITMP_46FCB.tmp\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\EDGEMITMP_46FCB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6A307B02-599F-487C-B4CD-5A012F1C1B4D}\EDGEMITMP_46FCB.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ff6ada276f0,0x7ff6ada276fc,0x7ff6ada27708
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      PID:3472
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjI3MDcxOUMtMTYwNS00MEZBLTk1RjItNUQzMzlGNjdGQ0Q3fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7MTBBNzVGRDItMjRGMi00NTI0LTkzNTYtNDlENDM1ODhGNDE0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90Oy9yMjUycCs2Ylo0b2lURnM1WTF3dCt4c3BlWlgzWUNDNi9MNlo2UEl1ZWM9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyOS4wLjI3OTIuNTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxNTc3NjExMzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3MTU3NzYxMTM5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzE2NTczMzU0MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcxNzg1NjEyNzQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc3ODc5MzY0ODQiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3MzkwMjI4MCIgdG90YWw9IjE3MzkwMjI4MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNjA5MzgiLz48L2FwcD48L3JlcXVlc3Q-
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:2040
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:4300
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\EDGEMITMP_4E2BE.tmp\setup.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\EDGEMITMP_4E2BE.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                    3⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    PID:6100
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\EDGEMITMP_4E2BE.tmp\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\EDGEMITMP_4E2BE.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\EDGEMITMP_4E2BE.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6f79b76f0,0x7ff6f79b76fc,0x7ff6f79b7708
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      PID:6136
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QzdFMUE4MUEtRjAwRC00MEMwLUE1M0ItMjA3NzQ2QTZFNzM2fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7NTY3NThFOTUtRTcwQy00QjMwLUFFM0MtNjEyNkNDODBFMEI2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90Oy9yMjUycCs2Ylo0b2lURnM1WTF3dCt4c3BlWlgzWUNDNi9MNlo2UEl1ZWM9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyOS4wLjI3OTIuNTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjcyMzYwNjA5NTgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3Nzg4MDkyMzA5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzc5Nzk0OTk5NyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc4MTI4MTU5NzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjgzMjI1MDMxNjYiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3MzkwMjI4MCIgdG90YWw9IjE3MzkwMjI4MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNTA5NTQiLz48L2FwcD48L3JlcXVlc3Q-
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:5960
                                                              • C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                                                                "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Drops file in Program Files directory
                                                                • System Location Discovery: System Language Discovery
                                                                PID:1016
                                                                • C:\Program Files (x86)\Microsoft\Temp\EU341E.tmp\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\Temp\EU341E.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
                                                                  2⤵
                                                                  • Checks computer location settings
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:400
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:1912
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCMjYzNTEtRTQ4Ny00MzdFLThDQ0EtMUQ2NkEyQUU3MTM4fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezY0QzY0MTBFLTNBMDktNDNDOS1BQzZDLUNEM0RDMUIxQUZDQX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDsvcjI1MnArNmJaNG9pVEZzNVkxd3QreHNwZVpYM1lDQzYvTDZaNlBJdWVjPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIxMTI3NDA4OCIgaW5zdGFsbF90aW1lX21zPSI2MyIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Checks system information in the registry
                                                                    • System Location Discovery: System Language Discovery
                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                    PID:4112
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{36B26351-E487-437E-8CCA-1D66A2AE7138}" /offlinedir "{8025F81B-622D-4CF3-B9F6-9EBECFEC9D84}"
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:3112
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks system information in the registry
                                                                • System Location Discovery: System Language Discovery
                                                                PID:4992
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:4688
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\EDGEMITMP_5D9AF.tmp\setup.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\EDGEMITMP_5D9AF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                    3⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    PID:5832
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\EDGEMITMP_5D9AF.tmp\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\EDGEMITMP_5D9AF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{5D4684DD-236B-41A5-86B3-A616291D8C74}\EDGEMITMP_5D9AF.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff6688276f0,0x7ff6688276fc,0x7ff668827708
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Drops file in Program Files directory
                                                                      PID:3152
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzZCMjYzNTEtRTQ4Ny00MzdFLThDQ0EtMUQ2NkEyQUU3MTM4fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7ODg3NDg3MDktQzA0OS00MTE1LUJDREMtMDQyMUYzNUM5NjM0fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90Oy9yMjUycCs2Ylo0b2lURnM1WTF3dCt4c3BlWlgzWUNDNi9MNlo2UEl1ZWM9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyOS4wLjI3OTIuNTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyMjU4MjQ2MDEiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5MjI1OTgwNjYzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTIzNTcxMjU1OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjkyNTA5MjU5NTciIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk3NjU1MTQ3NTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjE3MzkwMjI4MCIgdG90YWw9IjE3MzkwMjI4MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iNTE0NTkiLz48L2FwcD48L3JlcXVlc3Q-
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Loads dropped DLL
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:4264
                                                              • C:\Program Files\7-Zip\7zG.exe
                                                                "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\" -ad -an -ai#7zMap11165:110:7zEvent4525
                                                                1⤵
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:4468
                                                              • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks whether UAC is enabled
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:3752
                                                              • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks whether UAC is enabled
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:5648
                                                              • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks whether UAC is enabled
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1960
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks system information in the registry
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:4832
                                                              • C:\Users\Admin\Downloads\Xeno.exe
                                                                "C:\Users\Admin\Downloads\Xeno.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                PID:1424
                                                              • C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                                                                "C:\Users\Admin\Downloads\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Drops file in Program Files directory
                                                                • System Location Discovery: System Language Discovery
                                                                PID:6112
                                                                • C:\Program Files (x86)\Microsoft\Temp\EUEBC0.tmp\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\Temp\EUEBC0.tmp\MicrosoftEdgeUpdate.exe" /installsource taggedmi /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
                                                                  2⤵
                                                                  • Checks computer location settings
                                                                  • Executes dropped EXE
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:5292
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /healthcheck
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:5272
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTE1RDJBMjEtMzM4MS00NjExLUJCQzctNkY3NkYzOEU5NTk4fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezIyODI0QkEyLTc3QTEtNDU2Qy04NzNGLTk4NDA0NUY1Q0NBRH0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSI4IiBwaHlzbWVtb3J5PSI4IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjE5IiBuZXh0dmVyc2lvbj0iMS4zLjE5NS4xOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzMjkwNDYyMzEiIGluc3RhbGxfdGltZV9tcz0iNDciLz48L2FwcD48L3JlcXVlc3Q-
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Checks system information in the registry
                                                                    • System Location Discovery: System Language Discovery
                                                                    • System Network Configuration Discovery: Internet Connection Discovery
                                                                    PID:2192
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{115D2A21-3381-4611-BBC7-6F76F38E9598}" /offlinedir "{96A79628-78DF-4E59-861C-FBC99AD1EA5A}"
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • System Location Discovery: System Language Discovery
                                                                    PID:2508
                                                              • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks whether UAC is enabled
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:2040
                                                              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Checks system information in the registry
                                                                • System Location Discovery: System Language Discovery
                                                                • Modifies data under HKEY_USERS
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:5756
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  PID:3020
                                                                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\EDGEMITMP_49469.tmp\setup.exe
                                                                    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\EDGEMITMP_49469.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\MicrosoftEdgeWebview_X64_129.0.2792.52.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
                                                                    3⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Drops file in Program Files directory
                                                                    PID:5476
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\EDGEMITMP_49469.tmp\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\EDGEMITMP_49469.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{DCEA1B83-6322-4018-800A-7547FDB121EF}\EDGEMITMP_49469.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff72db076f0,0x7ff72db076fc,0x7ff72db07708
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      PID:4464
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTE1RDJBMjEtMzM4MS00NjExLUJCQzctNkY3NkYzOEU5NTk4fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7NkE3NDU1MTAtREI1Ni00OEJGLUJDOEItMkVGMThGRUIwQjk4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90Oy9yMjUycCs2Ylo0b2lURnM1WTF3dCt4c3BlWlgzWUNDNi9MNlo2UEl1ZWM9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyOS4wLjI3OTIuNTIiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzQ3MTI2NjUyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAzNDc0MzkxNzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDM1ODI2MDA0MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMzczMjc2NDgzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMDg4NDE2NzUwMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlZD0iMTczOTAyMjgwIiB0b3RhbD0iMTczOTAyMjgwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMSIgaW5zdGFsbF90aW1lX21zPSI1MTA4OSIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Checks system information in the registry
                                                                  • System Location Discovery: System Language Discovery
                                                                  • System Network Configuration Discovery: Internet Connection Discovery
                                                                  PID:5660
                                                                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\MicrosoftEdge_X64_129.0.2792.52.exe
                                                                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\MicrosoftEdge_X64_129.0.2792.52.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                  2⤵
                                                                    PID:3740
                                                                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\MicrosoftEdge_X64_129.0.2792.52.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
                                                                      3⤵
                                                                      • Boot or Logon Autostart Execution: Active Setup
                                                                      • Installs/modifies Browser Helper Object
                                                                      • Drops file in Program Files directory
                                                                      • Modifies Internet Explorer settings
                                                                      • Modifies registry class
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      • System policy modification
                                                                      PID:6116
                                                                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe
                                                                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6650376f0,0x7ff6650376fc,0x7ff665037708
                                                                        4⤵
                                                                          PID:4412
                                                                        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe
                                                                          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
                                                                          4⤵
                                                                          • Drops file in System32 directory
                                                                          • Modifies data under HKEY_USERS
                                                                          PID:4876
                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe
                                                                            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CED9330D-5432-419E-939F-3A99222C2C5A}\EDGEMITMP_9EFCF.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6650376f0,0x7ff6650376fc,0x7ff665037708
                                                                            5⤵
                                                                              PID:3016
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
                                                                            4⤵
                                                                            • Drops file in Program Files directory
                                                                            PID:1220
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6677b76f0,0x7ff6677b76fc,0x7ff6677b7708
                                                                              5⤵
                                                                                PID:1716
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
                                                                              4⤵
                                                                                PID:1084
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.59 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\129.0.2792.52\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.52 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6677b76f0,0x7ff6677b76fc,0x7ff6677b7708
                                                                                  5⤵
                                                                                    PID:3220
                                                                            • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                                                                              "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuMTkiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuMTkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDNBMUE2MTUtNjIwQS00M0QwLUE0MzYtMEE3RkUxOEMxM0M1fSIgdXNlcmlkPSJ7MDFEOTU3OUMtRUY4NC00NzMwLUJCNzgtRTIzNjZBNEU1NjJDfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCMDM2NzFBMC0xRERFLTRFNEQtOTk1MS00QzE5QzJDNTQzQ0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7L3IyNTJwKzZiWjRvaVRGczVZMXd0K3hzcGVaWDNZQ0M2L0w2WjZQSXVlYz0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE5NS4xOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJJc09uSW50ZXJ2YWxDb21tYW5kc0FsbG93ZWQ9JTVCJTIyLXRhcmdldF9kZXYlMjAtbWluX2Jyb3dzZXJfdmVyc2lvbl9jYW5hcnlfZGV2JTIwMTMwLjAuMjgzNS4wJTIyJTVEIiBpbnN0YWxsYWdlPSI1MCIgY29ob3J0PSJycmZAMC45OCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI1MCIgcmQ9IjY0MjMiIHBpbmdfZnJlc2huZXNzPSJ7NDNGOTRBODEtRjY2OC00NjcwLTg0OEMtRDMyRjIyNkRFOUI1fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjEyOS4wLjI3OTIuNTIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iNTAiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM3MTQyOTk5OTY4MDMzMTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNDEwNDY0MTg0IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwODg0MzIzNTkwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjg1NDEwNzQzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2U5ZGNjM2Q3LWQyNGEtNDA3ZC04Zjc0LTc1YzNkN2ZkOGNmZT9QMT0xNzI3NTYxNzY5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PVNNJTJmZWxVcDlHYUtSOXUxSTdyTSUyZkxMdzRxVUxLUElVRUVsemVrNExCcXJ0bXNseFRleDJuVUZ2WDJ0OEdYMk5QM2pVMGZrQXVvemJEQ01weDNORllsQSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIxNyIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMjg1NDEwNzQzNyIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZTlkY2MzZDctZDI0YS00MDdkLThmNzQtNzVjM2Q3ZmQ4Y2ZlP1AxPTE3Mjc1NjE3NjkmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9U00lMmZlbFVwOUdhS1I5dTFJN3JNJTJmTEx3NHFVTEtQSVVFRWx6ZWs0TEJxcnRtc2x4VGV4Mm5VRnZYMnQ4R1gyTlAzalUwZmtBdW96YkRDTXB4M05GWWxBJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTczOTAyMjgwIiB0b3RhbD0iMTczOTAyMjgwIiBkb3dubG9hZF90aW1lX21zPSIxOTA4MzgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI4NTQyNjM2MTIiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTI4Njc4NTc2NjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMzc5NDE5OTU0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNDAxIiBkb3dubG9hZF90aW1lX21zPSIxOTY5NjMiIGRvd25sb2FkZWQ9IjE3MzkwMjI4MCIgdG90YWw9IjE3MzkwMjI4MCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTExNDEiLz48cGluZyBhY3RpdmU9IjEiIGE9IjUwIiByPSI1MCIgYWQ9IjY0MjMiIHJkPSI2NDIzIiBwaW5nX2ZyZXNobmVzcz0ie0JGMjcyNjA1LURFRDctNDA1My1BMEZCLTA5MDFCMjA4OUVDNn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTI5LjAuMjc5Mi41MiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuMTMiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iLTEiIHJkPSItMSIgcGluZ19mcmVzaG5lc3M9InsxQTQ4M0UzRi1DRjY0LTQzN0UtQTc2Mi01NkZDOEM0RDE1MTV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                                                                              2⤵
                                                                              • Checks system information in the registry
                                                                              • System Location Discovery: System Language Discovery
                                                                              • System Network Configuration Discovery: Internet Connection Discovery
                                                                              PID:5040
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\WebView2Loader.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:5728
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\WebView2Loader.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:5608
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:4180
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:2044
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:992
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\XenoUI.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:2968
                                                                          • C:\Windows\system32\taskmgr.exe
                                                                            "C:\Windows\system32\taskmgr.exe" /4
                                                                            1⤵
                                                                            • Checks SCSI registry key(s)
                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            • Suspicious use of SendNotifyMessage
                                                                            PID:512
                                                                          • C:\Windows\system32\OpenWith.exe
                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                            1⤵
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:5788
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:5940
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:2508
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:5164
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\libcrypto-3-x64.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:6036
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe" C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Microsoft.Web.WebView2.WinForms.dll
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Checks whether UAC is enabled
                                                                            PID:4972
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                            1⤵
                                                                            • Checks whether UAC is enabled
                                                                            PID:2496
                                                                          • C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.5-x64\Xeno-v1.0.5-x64\Xeno.exe"
                                                                            1⤵
                                                                            • Checks whether UAC is enabled
                                                                            PID:5196

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Reconnaissance

                                                                          Resource Development

                                                                          Initial Access

                                                                          Execution

                                                                          Persistence

                                                                          Boot or Logon Autostart Execution

                                                                          1
                                                                          T1547

                                                                          Active Setup

                                                                          1
                                                                          T1547.014

                                                                          Browser Extensions

                                                                          1
                                                                          T1176

                                                                          Event Triggered Execution

                                                                          2
                                                                          T1546

                                                                          Component Object Model Hijacking

                                                                          1
                                                                          T1546.015

                                                                          Image File Execution Options Injection

                                                                          1
                                                                          T1546.012

                                                                          Privilege Escalation

                                                                          Boot or Logon Autostart Execution

                                                                          1
                                                                          T1547

                                                                          Active Setup

                                                                          1
                                                                          T1547.014

                                                                          Event Triggered Execution

                                                                          2
                                                                          T1546

                                                                          Component Object Model Hijacking

                                                                          1
                                                                          T1546.015

                                                                          Image File Execution Options Injection

                                                                          1
                                                                          T1546.012

                                                                          Defense Evasion

                                                                          Modify Registry

                                                                          4
                                                                          T1112

                                                                          Credential Access

                                                                          Discovery

                                                                          Browser Information Discovery

                                                                          1
                                                                          T1217

                                                                          Peripheral Device Discovery

                                                                          1
                                                                          T1120

                                                                          Query Registry

                                                                          6
                                                                          T1012

                                                                          System Information Discovery

                                                                          6
                                                                          T1082

                                                                          System Location Discovery

                                                                          1
                                                                          T1614

                                                                          System Language Discovery

                                                                          1
                                                                          T1614.001

                                                                          System Network Configuration Discovery

                                                                          1
                                                                          T1016

                                                                          Internet Connection Discovery

                                                                          1
                                                                          T1016.001

                                                                          Lateral Movement

                                                                          Collection

                                                                          Command and Control

                                                                          Exfiltration

                                                                          Impact

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Program Files (x86)\Microsoft\EdgeCore\129.0.2792.52\Installer\setup.exe
                                                                            Filesize

                                                                            6.6MB

                                                                            MD5

                                                                            00bcd9d9dcf8c6376d677caa332c04e3

                                                                            SHA1

                                                                            0a86d25ce5d84a0371064ff3bb38a6ff6a3a27c0

                                                                            SHA256

                                                                            08003badaf082b1f7c535b98abaf9f9953004668c5192fba75786e2036d59c14

                                                                            SHA512

                                                                            fdfaee47cc7b434141a7b860d260d1cb9a130140e4838ba591256a9f93d04bb5ee839da9961fedc2c65d9557b9095a12bfd94573a2af7983c5856051007a835f

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{577E338C-E580-466E-B65E-8F364567AF1C}\EDGEMITMP_4E2BE.tmp\SETUP.EX_
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            8aa9d6e8c4dc389c1b993cb1d68533b4

                                                                            SHA1

                                                                            65210151f58426463956f7bab2196c5765547b63

                                                                            SHA256

                                                                            03d33a5681f517b20ab5f57f56f91601f06ee2677b0a73376737465e17d3b186

                                                                            SHA512

                                                                            8fb36c2fa3ddc4c43fdcdf80f43526430fd2d1e14c89f698a0a6787c2581ef21f5a66c5f3bcbeb0040ad852274a85df3210dd140892fcf91ea6b436bcb21ba1f

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EU341E.tmp\OfflineManifest.gup
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            0c4af93d86295b8b4da52d4e267b925c

                                                                            SHA1

                                                                            5953102e9d773a24c65d706de17dfb37c95e273f

                                                                            SHA256

                                                                            533ecf5e367e4fab2c4a697d3a3b1ec6251c61cbe78c3e3c580e813bf466525e

                                                                            SHA512

                                                                            63536cf18c94b4d1e944b73cb2e8d3247683aecce4409a7caea1e91030425498710cd186e0d6dfa516def1fe47fcb167fe5519550760d34ae0fb25fdf9aa7672

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\EdgeUpdate.dat
                                                                            Filesize

                                                                            12KB

                                                                            MD5

                                                                            369bbc37cff290adb8963dc5e518b9b8

                                                                            SHA1

                                                                            de0ef569f7ef55032e4b18d3a03542cc2bbac191

                                                                            SHA256

                                                                            3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                                                                            SHA512

                                                                            4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                                                                            Filesize

                                                                            182KB

                                                                            MD5

                                                                            3a6b04122205ec351f8fbef3e20f65c4

                                                                            SHA1

                                                                            ba2e989a1f1963652405b632f5020e972da76a8c

                                                                            SHA256

                                                                            7ba65317643fbc0d03195bdeeba318732823a91ef27f62483d5fc0ed3fea4912

                                                                            SHA512

                                                                            2a0dbc91e79c42bf934ce7ab41ff6ed900322706bb71ffa1f3ade4ad85e0e1de2fa31540e1f1e0e979ad749c84343563ebe341585965f2f3a62debd6b4ab0cb0

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\MicrosoftEdgeUpdate.exe
                                                                            Filesize

                                                                            201KB

                                                                            MD5

                                                                            b0d94ffd264b31a419e84a9b027d926b

                                                                            SHA1

                                                                            4c36217abe4aebe9844256bf6b0354bb2c1ba739

                                                                            SHA256

                                                                            f471d9ff608fe58da68a49af83a7fd9a3d6bf5a5757d340f7b8224b6cd8bddf6

                                                                            SHA512

                                                                            d68737f1d87b9aa410d13b494c1817d5391e8f098d1cdf7b672f57713b289268a2d1e532f2fc7fec44339444205affb996e32b23c3162e2a539984be05bb20c4

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                                                                            Filesize

                                                                            215KB

                                                                            MD5

                                                                            1d35f02c24d817cd9ae2b9bd75a4c135

                                                                            SHA1

                                                                            8e9a8fe8ca927f2b40f751f2f2b1e206f1d0905f

                                                                            SHA256

                                                                            0abf4f0fe0033a56ebdaff875b63cc083fd9c8628d2fb2ab5826d3c0c687b262

                                                                            SHA512

                                                                            17d8582c96b22372a6e1a925ccc75531f9bab75ebe651a513774a02021801d38e8f49b4e9679a9dfc53ccc29193fed18ab2e2935b9b7423605e63501028240e9

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\MicrosoftEdgeUpdateCore.exe
                                                                            Filesize

                                                                            262KB

                                                                            MD5

                                                                            e468fe744cbaebc00b08578f6c71fbc0

                                                                            SHA1

                                                                            2ae65aadb9ab82d190bdcb080e00ff9414e3c933

                                                                            SHA256

                                                                            7c75c35f4222e83088de98ba25595eb76013450fc959d7feefcab592d1c9839f

                                                                            SHA512

                                                                            184a6f2378463c3ccc0f491f4a12d6cac38b10a916c8525a27acd91f681eb8fb0be956fc4bdb99e5a6c7b76f871069f939c996e93a68ff0a6c305195a6049276

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\NOTICE.TXT
                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            6dd5bf0743f2366a0bdd37e302783bcd

                                                                            SHA1

                                                                            e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                                                                            SHA256

                                                                            91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                                                                            SHA512

                                                                            f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdate.dll
                                                                            Filesize

                                                                            2.1MB

                                                                            MD5

                                                                            b0da0a3975239134c6454035e5c3ed79

                                                                            SHA1

                                                                            fbea5c89ef828564f3d3640d38b8a9662c5260e6

                                                                            SHA256

                                                                            c590d1af571d75d85cfe6cb3d1aa0808c702bcefd1b74b93ea423676859fb8ba

                                                                            SHA512

                                                                            5fbfa431a855d634bcbef4c54e5cc62b6435629305efee11559f66473c427ad0775c09364d37aaa7a4a8a963800886f6547a52ae680a1ff2c4dcc52c87d994bb

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_af.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            c54dfe1257b6b4e1c6b65dabf464c9fa

                                                                            SHA1

                                                                            aef273340160af0470321e36e9c89e1a858e9d39

                                                                            SHA256

                                                                            0c426d4d48efff328a0da5497af24e83892a2ed1d6397a6dc42f9548a24dbff5

                                                                            SHA512

                                                                            58ae24dfc6045ce1f8ed782a03cb3d02c10b99a2992b9326711fb8700c8e7d05cfbca21e9b47cb4b1f4f806a9bb7667672026c715aad2f175febb6ba2b5f95db

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_am.dll
                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            ccdf8ae84e25f2df4df2c9dd61b94461

                                                                            SHA1

                                                                            64cd90b95a17d9ecf2a44afc0d83730b263ba5fe

                                                                            SHA256

                                                                            816c64b37e4c42cd418d05bc34a64e9c4acb4ce08b2a18ac5484374ca7b76e76

                                                                            SHA512

                                                                            242a8a93326d3a5ea1fd367ef6cc2b343f08f4ff68d88d91044d0ad7fce490f47524a6e57940991ff0893a590459e96c588944f2b115cee703413ca594046f7f

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_ar.dll
                                                                            Filesize

                                                                            26KB

                                                                            MD5

                                                                            3374d9bc4467dbdeaf50bbd5a26edcfa

                                                                            SHA1

                                                                            6d7bd73ad27148bad7488959d7ebea22b6805436

                                                                            SHA256

                                                                            5c8a8755cc0b1213fb0d5b57e10a53702f2091479d3c058d0c756134e548c685

                                                                            SHA512

                                                                            c0c02e54d7e0060b6ffa5bedf8d79cf4b40f77711680d2161b5186c5a8a10e521169dfa7ab6b8e4816c98e4aefd136f209a40c78104cb618c21105e095537719

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_as.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            87e596d8f0ac9fbe2d3176665eeb68f3

                                                                            SHA1

                                                                            1c9364d55b4844cd250504abe30dcff9792ee576

                                                                            SHA256

                                                                            c39669e004facfb0c500788747a4427fe26dcdb50ae695562e6e417f4eb190cd

                                                                            SHA512

                                                                            ef3708632e19332ddf460e081f8444ff8b4ec483c6b3e57f386df66d5f62d222b1d3f9f3728928701a6e48720133133c43619858853585a7d70b7bd5d8cf847e

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_az.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            ace0925ded0a4507d82e6d32a77c50df

                                                                            SHA1

                                                                            c760ff52c71de3080631120c6992dcd0ac4e37bd

                                                                            SHA256

                                                                            8e3c517bfc5986310c35f30b9681d9c919a7d62e299014410132ddc2b41f00b3

                                                                            SHA512

                                                                            8adec80e179f205d0571625c1a63a0188e6533adefd48691f2fc287a546c12249c2126e6958d1732fa8847492a8287723a0196fbc0f2b9af3c54e1ab418cc3e6

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_bg.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            aeb3a05ce4eecdef3d23dbc0094fe21f

                                                                            SHA1

                                                                            e2a5c49b4d0fddcad28649bd09d0cc7af4c0b2c8

                                                                            SHA256

                                                                            6c874a312ae57b8b0deac8457a200fcfc90aceaaa252628701c92aa8b9a823e8

                                                                            SHA512

                                                                            4a7fe6cf8300b394d7471d9a2d759ebed59690ce925270d6ceaa4e14ee06f01b67f8219559e9ec917477f4c5aae03329ae2c6e231f3fd41c645d02d26b29f367

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_bn-IN.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            afa21b2feee2831c5478e113ed814b76

                                                                            SHA1

                                                                            9e883c990a31b8cd0ed2f80f732f404386cc55d9

                                                                            SHA256

                                                                            183bcae9e143b78d04c2ed83ab6cac8cbd82f1d2bcf7bbb2506886a3925ac556

                                                                            SHA512

                                                                            294838c67f6d87fc3b4975c73d24e1c38173c8ad4a14c215945e9910ddc306e9deb0168f38661c85b5c77929fcbf56093f632a35c1b39181203fbd662d71f7f8

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_bn.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            8e0ff856270ca13f8c07825e39ae3613

                                                                            SHA1

                                                                            b351f8ae0cc13d97d201a268990b75fc9e6cd422

                                                                            SHA256

                                                                            18cd8ed69df17e1bcb517285caa88c8a73e093984fecbea2587e7144a8812a73

                                                                            SHA512

                                                                            25f3821c20aa222a28143951c9f370d3feceaf41e449f718640dce9af0e88e518bc40d2d02f5e64148d8909feedcfa6a8caf65a87ad12637a8bc13c848b1f178

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_bs.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            9f4c9469ef1930ec3ca02ea3b305e963

                                                                            SHA1

                                                                            e588ffdf150b55bb4ba38e2aaf175aaf6e1826d0

                                                                            SHA256

                                                                            fef14de38a4501cf538c89ca2d1ec389031124f69df9090df94fb4461e54ad58

                                                                            SHA512

                                                                            c166189ad76cb395a2aeea724f2088f42dd4d361518856166fb92b3335b8fc670e99eb7b1c4c9ac2c872c8283826cc2c88009bd975e690efbcc3d99289557e96

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                                                                            Filesize

                                                                            30KB

                                                                            MD5

                                                                            2e9132ee071ca5653baf90b9b1ea382e

                                                                            SHA1

                                                                            8a0c1e5a0df6432c50539d68caf697b8adaf1556

                                                                            SHA256

                                                                            adf6e6542f1422c431ef92a209886224fbb53b5c67e68ac070d5c8a4c6ee569a

                                                                            SHA512

                                                                            0b021758117109e4414c7ef37356106a96b68536ade8d3f1d1fb3dfce7c1132ab6fe02f7292ed225c09814a9c57124f731fd35069d220760678eab565f320976

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_ca.dll
                                                                            Filesize

                                                                            30KB

                                                                            MD5

                                                                            917c18cfa84c8b8e83d8321f03be093b

                                                                            SHA1

                                                                            c0a4a743f4059183724fc8c26e84b5a80bb2f7f0

                                                                            SHA256

                                                                            6c56355b232c3bd35f397f99648c020733ea2d57db1cd4beafffcd962b896ae4

                                                                            SHA512

                                                                            03359c6104e9f0cb2d66b6f1bf5598b2bb00d9e7a62fbd0c5475ca67b5194e96c2e6053a2a1c22323ba0002c614caab0477597fd34b57dd1f5acdb19f70c0854

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_cs.dll
                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            8b49a989a56d4a5aabd0a03f179ed92e

                                                                            SHA1

                                                                            ca2f84217c867eb853830e95c7717ce35bd997f9

                                                                            SHA256

                                                                            849e23c2f53d06462bd0f38e9d7c98e9389486f526a90c461c04c0aa1db7b7be

                                                                            SHA512

                                                                            f4861ab9200db234550cd2e355ce200b7746c614e9c326287c0509d152f29d41d7a056e4fd27e3150cb433cd0234c4ae1cbc0c3a8b5892ecb3e8d4632a985aa7

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_cy.dll
                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            1146f59b139b9d810996a1bae978f214

                                                                            SHA1

                                                                            cc9d54e6e3ce1efc4ef851eba35222547b996937

                                                                            SHA256

                                                                            7b5ce6c7fa03e69a93694fa59c61be88b3eb8cd8951790f3bdd7cba2d99e6b83

                                                                            SHA512

                                                                            0c94943646b0a08662eda2d236b7c88ecec0745faff5b9c6097f68e73a20059f8d2de47a9c00e58c6d2083331a34a0fa19b0964f3c62a6b8cfa02bc1e283e75a

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_da.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            08fb61cf492ccd1236907af7a6b1bd4b

                                                                            SHA1

                                                                            9f6e0f7610d42f8a402d3adb7b66374f4d0f3cb5

                                                                            SHA256

                                                                            d6261d4bd9ce4011caee1e0efefb5685a5bb5e29130ad8639e4578fc90027631

                                                                            SHA512

                                                                            747982680ebc9e3c0993a69923c94382df6bfc113ebb76d31f65f9d824abef1a051a4e351f0f42296fd84e7663fc3bcc784da51dbce0554c3a880ac2258aa16c

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_de.dll
                                                                            Filesize

                                                                            31KB

                                                                            MD5

                                                                            970e46bfaca8f697e490e8c98a6f4174

                                                                            SHA1

                                                                            2bc396e8f49324dee9eb8cc49cdb61f5313130d9

                                                                            SHA256

                                                                            eeff2c2487c6456e6a3ed43fe5fbb9d3b72e301d3e23867b5d64f5941eb36dcb

                                                                            SHA512

                                                                            789f29ee2c34d86da5c69225bb8b2fd96273c20146126c28d3d36a880bbda5b16ace479ce59aafdf645328255105133f489278023e63e04e9fa1fb34cc1f3ae1

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_el.dll
                                                                            Filesize

                                                                            31KB

                                                                            MD5

                                                                            3d22a75afd81e507e133fe2d97388f2e

                                                                            SHA1

                                                                            f7f68cb6867d8c6386438d5a6e26539be493505b

                                                                            SHA256

                                                                            823fe6edc1fb0ebdfb8ebbaa2d36f6dc0424c8f26b6594a390ae0eaafd319ab0

                                                                            SHA512

                                                                            34a62ebe8d057a6f6e6f6b2672ebb95d4d7c49e739f4beee4bbfb5e917b7176aba4d70b0e84bd727c967d0885c08264dfb42371fe0d3fe4f8f12dbb1e26ca69a

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_en-GB.dll
                                                                            Filesize

                                                                            27KB

                                                                            MD5

                                                                            fe685e8edec8a3b3c16e7954b787e118

                                                                            SHA1

                                                                            ac71544158bf86d357d78d003f5ff2b4b5fd4ef3

                                                                            SHA256

                                                                            4b60ce6e3c8f725ad8e88cd0d0a3f0155a7145915670a532fe1143fb2dfbf49e

                                                                            SHA512

                                                                            e30d12a607d1c6fd2060ab38f443af680f8c8655900b0a21f3f0b488033f9300915667bdfa59ff4fd3488f58ac52c7f5598ff5078bf849bd177d1d8c10533f04

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_en.dll
                                                                            Filesize

                                                                            27KB

                                                                            MD5

                                                                            be845ba29484bdc95909f5253192c774

                                                                            SHA1

                                                                            70e17729024ab1e13328ac9821d495de1ac7d752

                                                                            SHA256

                                                                            28414cd85efe921a07537f8c84c0a98a2a85fdbd5dfa3141e722ed7b433d0a96

                                                                            SHA512

                                                                            2800ec29ece429151c4cd463c5042492ac24e82b4999a323607d142a6e1a08cb69258190a6722afbbcfb3c9cdc6eebdedf89ee6549e0f420f6fbae3aa0501fd4

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_es-419.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            dc8fcfbcd75867bae9dc28246afc9597

                                                                            SHA1

                                                                            8fd9361636303543044b2918811dbdab8c55866c

                                                                            SHA256

                                                                            3deb382ffdfbd2d96ff344ec4339f13703074f533241f98f0ccd8d3f8c98f4bd

                                                                            SHA512

                                                                            ac8fbf033677a6862f3d02cf93bf1838c24f006b40fd44336ae13ecc2287ae4c733cc3d601e39556586131e8a9e2d930814399ac68165a26458a6cbf51b11d32

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_es.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            9c0ef804e605832ba0728540b73558a7

                                                                            SHA1

                                                                            a305f6b43a3226120d3010ca8c77441f6a769131

                                                                            SHA256

                                                                            626835e07c1fc4ab670127682f3e5225881a2d4ddea873c5271e9032668fa641

                                                                            SHA512

                                                                            c27a4b24600bdd33a4f9430e8d4d8f7f3718efcaf2d1ec36023e34b996817af79b5a9baeea1506f97d2716c9b2b5509bbc1bf4d7cab779554eebadaa8c942dfe

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_et.dll
                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            111118683f6e8ed7ceb11166378aebb0

                                                                            SHA1

                                                                            fd3e1cf198885ab5d9082d540d58f983d8a0f5ff

                                                                            SHA256

                                                                            5cc4930c50716138e25987baacb9a9aed7d30ff5c0ac927e35f7fc006f5179c4

                                                                            SHA512

                                                                            cc3480f05d8d59d3d705204e15ff6453a6d9c77bdb1011d069bb1f83b3d4e14204f19caa7e7ecbb6e3ed92d429ac46940791903440fbfeca2f7e7e12b9a47f6c

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_eu.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            c0da1ad8854f64b7988d70c9db199d5f

                                                                            SHA1

                                                                            b184335283bf0026615f2a4a120fda87961c774b

                                                                            SHA256

                                                                            73190820d59e5bfe769b82ada48b0c9ed353524bd5cab303f5175d7d9bbb74ee

                                                                            SHA512

                                                                            424ef2d0ceaba76b64c3349ec1ff5088cb8aff9103fb38da238c80e6452a967f3dca09860b2b8fe9c01e20bebadc539960a5bc241a91bab98bfedf29c2f777ea

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_fa.dll
                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            c4cb44ee190c5aa8dd7749659437e5cc

                                                                            SHA1

                                                                            667f4aa01a4262fff2e01838f94330c0ebc285a2

                                                                            SHA256

                                                                            dc184d54d00d51d2f8de623c0c4b07e9408f7b02e1f1085107edaf14dcbee136

                                                                            SHA512

                                                                            0330d733e89811c4a89deb202ec517de3128ad266483f37bd8d91eb6e45336febf7297da4f3465c683ed1b6e08114d6a3f52ff74484276509b9816ae7dccbb10

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_fi.dll
                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            a9b037f7bc8f5b382bf6c69b993dbeb1

                                                                            SHA1

                                                                            7beb733f3561ac3083a3dfca3b7644c5154e1330

                                                                            SHA256

                                                                            b498d1b38a81199b62a98a0e36aa9e955e1c0143436908538314089c0e59d128

                                                                            SHA512

                                                                            a63c1e1a4d8d2e5043e0cdc420d1c545b0adbcdaa1a65f09454d47cc9642c1ffcb16e76454e90c75fd88f29917024b11418a606acbd560a98b79cd8631186332

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_fil.dll
                                                                            Filesize

                                                                            29KB

                                                                            MD5

                                                                            6b2319c3634103272f39fc71d7f95426

                                                                            SHA1

                                                                            a1d692a68c5cbb70d29a197ec32c9529c15a0473

                                                                            SHA256

                                                                            28c610ba7f8332be050c30e296acaee423bc0a7a9cacc7b3d60618e284ff9cfa

                                                                            SHA512

                                                                            51738dd14b410c689ed56530ac555824c773bcb163f4dbaddc86e684e04c1f06271001f0b2bef7d6231f17231b2e3e35f9aba2974c48eff6d1a8ab877e5a6031

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_fr-CA.dll
                                                                            Filesize

                                                                            30KB

                                                                            MD5

                                                                            8e1793233c6e05eeaf4fe3b0f0a4f67c

                                                                            SHA1

                                                                            97697fe9ba6b3cb5cfe87bb94587c724ed879c3b

                                                                            SHA256

                                                                            b9caaa668b71964316ee15e6e49f8ae81e5ed167fdb69fc31bc6df834ab4e7a5

                                                                            SHA512

                                                                            3d2fbf5e05e7b9e21c85ad7f59db9556046e4c1755f0b138d6de38eeadd3480e772e35798f9339aa7daffbf92afbc385f9c0bb4e4f5c65292dff3b280f52bd6f

                                                                            Download Submit

                                                                          • C:\Program Files (x86)\Microsoft\Temp\EUA8C.tmp\msedgeupdateres_fr.dll
                                                                            Filesize

                                                                            30KB

                                                                            MD5

                                                                            5e63ac4b5abe6c84f305898a0f9ba0bb

                                                                            SHA1

                                                                            e70baf6f175c297a9b491272ce8f131ba781553c

                                                                            SHA256

                                                                            711b5968d2116d7e97aa5852ec864db35d3c186f341fb024cd1ef4525256131a

                                                                            SHA512

                                                                            c383e4df4337bf9a66f684dabd2faa95cb49abb424c76d0603f91af7b7260be5b2877246da293d5df83fdb59d291d63a7d73303c34682a50ea84a8fcd7d6e874

                                                                            Download Submit

                                                                          • C:\Program Files\MsEdgeCrashpad\settings.dat
                                                                            Filesize

                                                                            280B

                                                                            MD5

                                                                            70411e58587847db39e736da7fe02266

                                                                            SHA1

                                                                            d109f91ea547d9c1d38d4a2a647f7edfb0b190f7

                                                                            SHA256

                                                                            8b6466e6515825f19fd782f1a17207624c426ed0aba230ae602d6029c7694ba8

                                                                            SHA512

                                                                            79b09ec328809e20ac9bb4e56093ac2666c9d48ffff71dfdbc0b594ceed9ea37cfbee4a35c3aa1dee89645fc3a1b78daeccd51f87002589c1d26d36b76df5043

                                                                            Download Submit

                                                                          • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                                                                            Filesize

                                                                            183KB

                                                                            MD5

                                                                            1b9d02e991a17adee099e875c4d2621d

                                                                            SHA1

                                                                            522cfac910c03b0bb3e18d9ee74130218589ee9b

                                                                            SHA256

                                                                            b99f42cc825a3871d658f3c64f3f15570d1538e840344d175f9c22325d3e0af0

                                                                            SHA512

                                                                            e1407bc6e4375676a1fe48dba96c9be47a6381add74f0b7863938616f9a58f285b5b708c069b33761cd08d56fb433d1fcec47d005d60c5c58d7bab65ada5a121

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            ff63763eedb406987ced076e36ec9acf

                                                                            SHA1

                                                                            16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

                                                                            SHA256

                                                                            8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

                                                                            SHA512

                                                                            ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            2783c40400a8912a79cfd383da731086

                                                                            SHA1

                                                                            001a131fe399c30973089e18358818090ca81789

                                                                            SHA256

                                                                            331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

                                                                            SHA512

                                                                            b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            52fe165478716e005d7609e125bdb262

                                                                            SHA1

                                                                            43ae0d70651bac70041a58648e58bbe5bc26cc47

                                                                            SHA256

                                                                            3b5569c672eefe20f531e2c99d7a9a6f45350b1504b9da303320dd4a2cd01746

                                                                            SHA512

                                                                            00f2440298f027d5031cf9aca1961d749edd2a74810e40288ec1b25995a92956b0a018c8f7d4544670da0648a95f9ef37e0c6cae2483868eac4948dec71a4409

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                            Filesize

                                                                            786B

                                                                            MD5

                                                                            07549aa994583b50a958d22322b0929f

                                                                            SHA1

                                                                            1007ec73cca1a7bbcfe31c564e6dade0fb2f9049

                                                                            SHA256

                                                                            b9070e8e274028c0afb5f65edb7ff94d8a0acf12ac5c9526a2c38f855effbba6

                                                                            SHA512

                                                                            e50a61e15d465eaa01b7a21db8203557c0289b6fe2bab981dd4de12c6fa36ee537dbb8987e7c2abead977c175e19b1a156856448956456ec0d2abebc6b74137c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                            Filesize

                                                                            882B

                                                                            MD5

                                                                            fb6edbf6dd930884c046f4b66afc98b6

                                                                            SHA1

                                                                            2edac30631bbf3dde85631b1e85befca1a9f1a88

                                                                            SHA256

                                                                            50bb0f86b19229c22f379ba089e181bcaee4bec80e89a9567a7a9fa00d9e30bf

                                                                            SHA512

                                                                            916d5817a1eef38dc03742f5a576d1b5ec6feacc335500abd00a3d9d84b123a0ca8dad4ccf84947e515a22a5980c9ab7babc0345283dc492d1883b9e1f4ee4ed

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                            Filesize

                                                                            111B

                                                                            MD5

                                                                            807419ca9a4734feaf8d8563a003b048

                                                                            SHA1

                                                                            a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                            SHA256

                                                                            aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                            SHA512

                                                                            f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            09aa5501e89d7dbe09b52df290b88540

                                                                            SHA1

                                                                            f9913920194377c06c619188a82fb48c6e4d16d0

                                                                            SHA256

                                                                            cb1d9b466db53bd8af74e932e0b48d8a05770b46e86f3ec563c78286221a8047

                                                                            SHA512

                                                                            5968e8127c6f2786578f73fff54c1dec935a5a3d2af858652ed849a9d75c90ee98ea31e83a0823d9237273ed2127afedd53e386af4a3e5a4dc457b6869df044e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            aeb8062aab9206da64770af4a3c006ce

                                                                            SHA1

                                                                            f32efb1393c6257905fbe65c69113de5739199ab

                                                                            SHA256

                                                                            8f4bd59b822ae493c94e0be6dc5fdf3a76e9652c57e7e1f68805762eec7d8b91

                                                                            SHA512

                                                                            dcded2308927146f81064f52775afbd9bbd1033de6dd25f35997d28cbf97a6bd02d7d8551c611020a5b8dd73f8503ada63b537dd8d1e6522446c556e28d43e50

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            7f5a96c6f70ef04aa44c58a0f88bd3bb

                                                                            SHA1

                                                                            120236f176854fd1cc4743b524ed7e0de97d5ddd

                                                                            SHA256

                                                                            ca12763367ddd28cb0c7f63d3b1aec075f7aaf38a396788a60c8a20f8af2090b

                                                                            SHA512

                                                                            11db7fb621ec271e94049e66da41fb007d00adbe9dfd6645164078e3d9cf6f61170ddd0b3b665fa72b42b8afaf3c59df1ad49144ee653029e97bbd5e07d4f180

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            c2b31e743b7c1ae86bd3bb92fa4e55ce

                                                                            SHA1

                                                                            b3b8d6160d2248ee8ce977c0fae5f806e92b9c3e

                                                                            SHA256

                                                                            63e3601c5a255c10935001c02b5a37996c748f035f38431630e93840fd89a382

                                                                            SHA512

                                                                            4acac7694c188a3e7604af2e9ff1bd72624cb62c768898cff02cc954947a0f4213db266d9ce378a54e6cf443fa4f98454a7c740c9b0a5a32cb2a19ddcf8b548c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            36e77861ea27ad0ad73afda1ad8c5b3b

                                                                            SHA1

                                                                            48384e7260a0845fce0a0ade3dbd3a065e014a28

                                                                            SHA256

                                                                            4a955ef8e7f79d65de6a168c4c4e07ebdb3c7f5e3ac45611c614fa1fc846c413

                                                                            SHA512

                                                                            d8a63599f88e47be0ee76808acfdd5357a34f3f01f019ea0c89810019377ef467f13e6c5229a78f81662bbf11f8e8e48a07f50d7750bf83d4c8d1c6cc88b106e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5996e7.TMP
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            08b0740b12840f5c39556f348266cf72

                                                                            SHA1

                                                                            212dec8f9c56c6e9b4b9d8c9b4b8e318f2ebf145

                                                                            SHA256

                                                                            b1e815ebd4d912f100111574c48d4f43379cdcf9b8f6d4ba3e5e6e1a37393ad8

                                                                            SHA512

                                                                            00f8fbf82598fcd023ca5334f24fb948d550ea713dda0ca1f9864d5dba92840c4fbf151a3a34bf4f48af4cf5da4869839a9a840e30cf2546dcf80acc23706b0c

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                            SHA1

                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                            SHA256

                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                            SHA512

                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            69fae5bd7e22e2bcffbf8c983269260b

                                                                            SHA1

                                                                            76f1ffffabe66ef79cd6074f58b6090e832d50d4

                                                                            SHA256

                                                                            0064177514e2fef9a9a955d7867a649ec78d2cc388be870d07723545037434d6

                                                                            SHA512

                                                                            550ed961998f7c6cd0e698877edc6365bfdb6f2c4a335accf4639e4c48d7f5d7ee379cd50f6ddf767caec0ba6d655cc9c77ec6995f6c24f0daf0e50d8a0938f4

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            f99cacf51f0f7f3e060f145ef75fd7d6

                                                                            SHA1

                                                                            68769d9bbb1ba2124f9dcdc97cce5fa85976a3d4

                                                                            SHA256

                                                                            3dec9023bb2f583625719244f10da4860a481e2803e4e56e4a6d3e55bacd1bc7

                                                                            SHA512

                                                                            4f1b1ca6bc29f4312a68d05c42777e69ba661d8bd3445b71b8e742cbb54123c022b285b867e6c2d0c343622732f1735057ce879d5f81ef511d3d368c760c33d9

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            ef00b7d23c60599daea1a26fa7b3ec7d

                                                                            SHA1

                                                                            d2425f26ce8dc1d7393d2ecf76c3a99102bc890b

                                                                            SHA256

                                                                            29a46fdb62a7598805dbc359142717d729441ba05988c939dc51cdb0216df293

                                                                            SHA512

                                                                            e92c327086bcbbd24afd43073f4476cfff2680e59fccc1999af818f0fedb9a176e682afe701a4317b0a0aa1c36d4a22bd40dc3df63410c39f776caf86a6ba7f4

                                                                            Download Submit

                                                                          • C:\Users\Admin\Downloads\Unconfirmed 854561.crdownload
                                                                            Filesize

                                                                            140KB

                                                                            MD5

                                                                            c46b7e54e4b1e74eb907ed460c632350

                                                                            SHA1

                                                                            2a45cbb31a1c8808f3cc5e2606b9fe07a6ec0e57

                                                                            SHA256

                                                                            c79b8c1edf139d35dff7a26fd1ea4ba940133634fdc2e9bc7e5d571a707561e1

                                                                            SHA512

                                                                            8675f593d0f18e35df70bb8ec82915ca8713a513dda1c3a71ec94735d61e4d0fa770bfa42904ca9533aa89ede95bff4a3ce926efa74ddec91292aa812a5771fb

                                                                            Download Submit

                                                                          • memory/512-2430-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2441-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2435-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2436-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2429-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2437-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2431-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2438-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2440-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/512-2439-0x000001F3F9FD0000-0x000001F3F9FD1000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                            Download

                                                                          • memory/736-746-0x0000000000C20000-0x0000000000C55000-memory.dmp

                                                                            Filesize

                                                                            212KB

                                                                            Download

                                                                          • memory/736-747-0x0000000074830000-0x0000000074A55000-memory.dmp

                                                                            Filesize

                                                                            2.1MB

                                                                            Download

                                                                          • memory/736-778-0x0000000074830000-0x0000000074A55000-memory.dmp

                                                                            Filesize

                                                                            2.1MB

                                                                            Download

                                                                          • memory/736-787-0x0000000000C20000-0x0000000000C55000-memory.dmp

                                                                            Filesize

                                                                            212KB

                                                                            Download