xtremerat | 08ae46405298caab5f5fd99636a9c9af19e973990098c38fbf5ee2ca58acf8dd

Analysis

max time kernel
103s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30/01/2025, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe
Size

324KB
MD5

64f5d336a62fd66a7ba87d7566cf0a29
SHA1

1181ff3f0588f4e9beb74efa53313d9d0c2d5590
SHA256

08ae46405298caab5f5fd99636a9c9af19e973990098c38fbf5ee2ca58acf8dd
SHA512

3962de4a96b2264235f5d89084f083618e7824011320e26dc28622f728296ab6720a0fe8c060136fdbe3a4dc6e0d86ca415e2cd8fad5b27eee44161ec732afaf
SSDEEP

6144:usYZeupvMqgRShfnGpjeSKueGq8wpGlzPM9RRQFMtksDIncOtUOiuNofHLHKR:weupFgcOpNHealzPMRRNksotC2ofrKR

Score

10^/10

xtremerat discovery persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 64 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023ca1-17.dat	family_xtremerat
behavioral2/memory/3104-61-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1536-65-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2204-67-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3616-72-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3508-81-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/392-86-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4428-95-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4448-97-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2068-106-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3632-114-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2164-116-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1720-124-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/452-126-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/1296-136-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/672-140-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4764-138-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3872-148-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2676-152-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4304-155-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3916-160-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4908-162-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3728-166-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3156-173-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5024-176-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3616-179-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4344-182-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2092-187-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5132-190-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5184-193-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5260-196-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5304-197-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5380-204-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5708-207-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5752-210-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5852-213-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5880-214-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5984-219-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6008-222-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/4828-227-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5164-228-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5324-233-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5828-234-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5388-239-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/2372-240-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/3960-245-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6244-250-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6276-251-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6396-254-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6408-255-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6580-260-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6600-261-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6648-266-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6700-267-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6224-274-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6288-275-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5652-278-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6240-283-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6536-284-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/5412-289-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/400-290-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/6244-295-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/7236-300-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral2/memory/7264-301-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat
Xtremerat family
xtremerat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}\StubPath = "C:\\Program Files (x86)\\Windws\\msn.exe restart"	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	Process not Found
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{35MDE2S6-DM02-3816-5UYU-WI6BNCH04URL}	msn.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	CryptedFile.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	Process not Found
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\Control Panel\International\Geo\Nation	msn.exe

Executes dropped EXE 64 IoCs

pid	Process
3104	CryptedFile.exe
2204	msn.exe
3616	msn.exe
3508	msn.exe
392	msn.exe
4428	msn.exe
4448	msn.exe
2068	msn.exe
3632	msn.exe
2164	msn.exe
452	msn.exe
1720	msn.exe
672	msn.exe
4764	msn.exe
1296	msn.exe
3872	msn.exe
4304	msn.exe
2676	msn.exe
4908	msn.exe
3728	msn.exe
3916	msn.exe
3156	msn.exe
5024	msn.exe
3616	msn.exe
4344	msn.exe
2092	msn.exe
5132	msn.exe
5184	msn.exe
5260	msn.exe
5304	msn.exe
5380	msn.exe
5708	msn.exe
5752	msn.exe
5852	msn.exe
5880	msn.exe
5984	msn.exe
6008	msn.exe
4828	msn.exe
5164	msn.exe
5324	msn.exe
5828	msn.exe
5388	msn.exe
2372	msn.exe
3960	msn.exe
6244	msn.exe
6276	msn.exe
6396	msn.exe
6408	msn.exe
6580	msn.exe
6600	msn.exe
6648	msn.exe
6700	msn.exe
6224	msn.exe
6288	msn.exe
5652	msn.exe
6240	msn.exe
6536	msn.exe
5412	msn.exe
400	msn.exe
6244	msn.exe
7236	msn.exe
7264	msn.exe
7292	msn.exe
7440	msn.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	CryptedFile.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	Process not Found
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2436272344-4274332273-444425594-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Program Files (x86)\\Windws\\msn.exe"	msn.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File created	C:\Program Files (x86)\Windws\msn.exe	CryptedFile.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	Process not Found
File opened for modification	C:\Program Files (x86)\Windws\msn.exe	msn.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msn.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	CryptedFile.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Process not Found
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msn.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 3104	4536	JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe	88
PID 4536 wrote to memory of 3104	4536	JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe	88
PID 4536 wrote to memory of 3104	4536	JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe	88
PID 3104 wrote to memory of 3472	3104	CryptedFile.exe	89
PID 3104 wrote to memory of 3472	3104	CryptedFile.exe	89
PID 3104 wrote to memory of 3472	3104	CryptedFile.exe	89
PID 3104 wrote to memory of 4620	3104	CryptedFile.exe	90
PID 3104 wrote to memory of 4620	3104	CryptedFile.exe	90
PID 3104 wrote to memory of 4620	3104	CryptedFile.exe	90
PID 3104 wrote to memory of 5092	3104	CryptedFile.exe	91
PID 3104 wrote to memory of 5092	3104	CryptedFile.exe	91
PID 3104 wrote to memory of 5092	3104	CryptedFile.exe	91
PID 3104 wrote to memory of 1552	3104	CryptedFile.exe	92
PID 3104 wrote to memory of 1552	3104	CryptedFile.exe	92
PID 3104 wrote to memory of 1552	3104	CryptedFile.exe	92
PID 3104 wrote to memory of 228	3104	CryptedFile.exe	93
PID 3104 wrote to memory of 228	3104	CryptedFile.exe	93
PID 3104 wrote to memory of 228	3104	CryptedFile.exe	93
PID 3104 wrote to memory of 4940	3104	CryptedFile.exe	94
PID 3104 wrote to memory of 4940	3104	CryptedFile.exe	94
PID 3104 wrote to memory of 4940	3104	CryptedFile.exe	94
PID 3104 wrote to memory of 2948	3104	CryptedFile.exe	95
PID 3104 wrote to memory of 2948	3104	CryptedFile.exe	95
PID 3104 wrote to memory of 2948	3104	CryptedFile.exe	95
PID 3104 wrote to memory of 3836	3104	CryptedFile.exe	96
PID 3104 wrote to memory of 3836	3104	CryptedFile.exe	96
PID 3104 wrote to memory of 3836	3104	CryptedFile.exe	96
PID 3104 wrote to memory of 4436	3104	CryptedFile.exe	97
PID 3104 wrote to memory of 4436	3104	CryptedFile.exe	97
PID 3104 wrote to memory of 2204	3104	CryptedFile.exe	98
PID 3104 wrote to memory of 2204	3104	CryptedFile.exe	98
PID 3104 wrote to memory of 2204	3104	CryptedFile.exe	98
PID 2204 wrote to memory of 1536	2204	msn.exe	99
PID 2204 wrote to memory of 1536	2204	msn.exe	99
PID 2204 wrote to memory of 1536	2204	msn.exe	99
PID 2204 wrote to memory of 1536	2204	msn.exe	99
PID 2204 wrote to memory of 3568	2204	msn.exe	100
PID 2204 wrote to memory of 3568	2204	msn.exe	100
PID 2204 wrote to memory of 3568	2204	msn.exe	100
PID 2204 wrote to memory of 1640	2204	msn.exe	101
PID 2204 wrote to memory of 1640	2204	msn.exe	101
PID 2204 wrote to memory of 1640	2204	msn.exe	101
PID 2204 wrote to memory of 380	2204	msn.exe	102
PID 2204 wrote to memory of 380	2204	msn.exe	102
PID 2204 wrote to memory of 380	2204	msn.exe	102
PID 2204 wrote to memory of 4140	2204	msn.exe	103
PID 2204 wrote to memory of 4140	2204	msn.exe	103
PID 2204 wrote to memory of 4140	2204	msn.exe	103
PID 2204 wrote to memory of 64	2204	msn.exe	104
PID 2204 wrote to memory of 64	2204	msn.exe	104
PID 2204 wrote to memory of 64	2204	msn.exe	104
PID 2204 wrote to memory of 4364	2204	msn.exe	105
PID 2204 wrote to memory of 4364	2204	msn.exe	105
PID 2204 wrote to memory of 4364	2204	msn.exe	105
PID 2204 wrote to memory of 808	2204	msn.exe	106
PID 2204 wrote to memory of 808	2204	msn.exe	106
PID 2204 wrote to memory of 808	2204	msn.exe	106
PID 2204 wrote to memory of 3784	2204	msn.exe	107
PID 2204 wrote to memory of 3784	2204	msn.exe	107
PID 2204 wrote to memory of 3616	2204	msn.exe	108
PID 2204 wrote to memory of 3616	2204	msn.exe	108
PID 2204 wrote to memory of 3616	2204	msn.exe	108
PID 3616 wrote to memory of 1776	3616	msn.exe	109
PID 3616 wrote to memory of 1776	3616	msn.exe	109

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_64f5d336a62fd66a7ba87d7566cf0a29.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Users\Admin\AppData\Local\Temp\CryptedFile.exe
  "C:\Users\Admin\AppData\Local\Temp\CryptedFile.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3104
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:4436
- - C:\Program Files (x86)\Windws\msn.exe
    "C:\Program Files (x86)\Windws\msn.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Modifies registry class
      PID:1536
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        
        PID:392
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4196
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4632
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4120
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1284
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1348
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1180
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4284
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:4448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1564
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2148
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:4764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4508
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:2676
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3152
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2068
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2400
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4640
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3324
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2024
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4076
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4748
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1560
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1980
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:1296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2348
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1912
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4592
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4188
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4644
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1040
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4980
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:3872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4876
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        
        PID:3728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1516
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:3616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3112
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:5184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5668
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Executes dropped EXE
        
        PID:5752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5216
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2092
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:5164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6188
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:6276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7096
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:6224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6700
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        14⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Modifies registry class
        
        PID:7236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8152
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Modifies registry class
        
        PID:7200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:5652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:7632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:7296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:7608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:7112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:7244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8332
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        16⤵
        Adds Run key to start application
        
        PID:8432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:8504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:8780
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:7220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:8412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:8592
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:8704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:8872
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        17⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        
        PID:7472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:7440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:8636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:10072
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:10136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:10232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:9152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:8856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:8956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:10120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:10280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:10376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:10476
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        19⤵
        Checks computer location settings
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:10628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:10884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        20⤵
        
        PID:11100
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4304
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3508
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2652
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:764
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2068
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4068
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3712
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:4404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1592
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3944
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1616
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:2092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:2328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5252
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5872
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:6008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5664
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5400
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6528
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:6648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6952
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:6476
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:5412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7432
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        
        PID:7592
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:7672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:7832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:7908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:7980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:7196
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6732
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        14⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:2384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:7248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8676
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        15⤵
        Checks computer location settings
        Drops file in Program Files directory
        Modifies registry class
        
        PID:8812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:9112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:7400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:4948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:9092
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        16⤵
        Checks computer location settings
        Drops file in Program Files directory
        
        PID:9240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9836
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:10016
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:10192
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:9408
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        17⤵
        Checks computer location settings
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:9412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:8440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:10312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:10412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:10580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        18⤵
        
        PID:10856
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        18⤵
        Checks computer location settings
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:11008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:11068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        19⤵
        
        PID:11220
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Executes dropped EXE
        
        PID:3916
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4344
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3192
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1240
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3200
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3588
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3128
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3896
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5228
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:5260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5804
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:5852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5748
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:5324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6048
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6156
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6324
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6396
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6936
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7144
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:6288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:5584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7172
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:7264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8176
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:7212
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8340
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:8452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9048
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:4044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8900
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        14⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:7292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:8644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:10088
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:9528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:9468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:8448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:10296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:10392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:10492
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        16⤵
        Boot or Logon Autostart Execution: Active Setup
        Drops file in Program Files directory
        
        PID:10544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:10620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:10876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        17⤵
        
        PID:11092
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:5304
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5368
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5452
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5492
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5536
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5576
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5680
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5812
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:5880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5188
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:5828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5884
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:5356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6332
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6944
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7152
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        
        PID:5652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7184
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        
        PID:7292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7888
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8112
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:6252
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:7340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8372
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Boot or Logon Autostart Execution: Active Setup
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:7560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:2892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8944
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:7476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10200
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        14⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:10124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:9688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:10328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:10428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:10644
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        15⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:10752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:10832
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:11076
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        16⤵
        
        PID:10504
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5984
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6028
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6104
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2200
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3008
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:1500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5360
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:728
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5260
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:5388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5892
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5688
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4516
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6436
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Modifies registry class
        
        PID:6580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6788
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6920
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7048
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6368
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7376
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7924
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5712
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:6736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8228
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8316
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8540
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:4612
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Checks computer location settings
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:8588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9608
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:10032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:8880
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:9080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9584
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:9532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:8520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10676
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        14⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        
        PID:10800
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:10948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:11124
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2372
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5780
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5704
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5844
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5984
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3732
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3056
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6264
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6508
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:6600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6928
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7056
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5268
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Executes dropped EXE
        
        PID:6536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6300
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7392
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7744
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6240
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        
        PID:5412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:1644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8564
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Drops file in Program Files directory
        
        PID:8644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:8804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:7308
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8548
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8656
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9616
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:10040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:9220
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Checks computer location settings
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:10220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:9028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:10248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:10344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:10444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:10652
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Drops file in Program Files directory
        Modifies registry class
        
        PID:10760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:10840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:11084
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        
        PID:6700
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6772
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6836
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6904
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6968
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7032
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7088
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6060
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:6724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7480
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        
        PID:7636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6868
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Checks computer location settings
        Drops file in Program Files directory
        
        PID:7904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:7804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8768
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:8840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:9128
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:6288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:7544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:8696
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:9248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:10008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:10184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:9424
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:9644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:8660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:7472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:10116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:10304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:10404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:10572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:10792
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:10980
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:11048
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:11212
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:6244
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7108
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5824
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6604
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3996
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2792
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7344
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7576
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:7708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7872
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7948
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8168
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:5408
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4912
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Checks computer location settings
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:5164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7504
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7692
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7768
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8860
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Drops file in Program Files directory
        Modifies registry class
        
        PID:8984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:5756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:6280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:2336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:8996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9280
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        
        PID:9400
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:7752
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7824
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7896
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7972
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8120
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:6172
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2088
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5500
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Drops file in Program Files directory
        
        PID:7300
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8920
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:9012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:7368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:6736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8928
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9344
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Drops file in Program Files directory
        Modifies registry class
        
        PID:9412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9992
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:10096
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9972
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Drops file in Program Files directory
        
        PID:8812
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:9252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:9604
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:9264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:10336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:10436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:10660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:10956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:11116
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:11228
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Drops file in Program Files directory
        
        PID:7440
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7564
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7284
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:7708
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8212
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8760
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8976
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:9120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7500
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:7424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9460
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:9576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9660
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:10064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8640
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        
        PID:9068
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:9332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:10272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:10368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:10468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:10684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:10972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:11140
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Checks computer location settings
        System Location Discovery: System Language Discovery
        
        PID:10212
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        
        PID:9140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8348
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8496
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8428
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8184
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8488
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:9232
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:9504
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Checks computer location settings
        Drops file in Program Files directory
        
        PID:9568
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9956
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:10052
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:8468
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:8572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:9380
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:10264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:10360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:10460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:10668
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:10964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:11132
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:11248
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Checks computer location settings
        
        PID:9688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:9728
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:9820
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:9908
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:10000
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:10176
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8984
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8952
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:9288
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Drops file in Program Files directory
        
        PID:9648
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:9712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:10288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:10384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:10484
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:10724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:10996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:11160
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:6364
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:8532
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:10320
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:10420
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:10636
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:10908
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:11108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:1640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:64
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:4364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      4⤵
      PID:3784
  - - C:\Program Files (x86)\Windws\msn.exe
      "C:\Program Files (x86)\Windws\msn.exe"
      4⤵
      Boot or Logon Autostart Execution: Active Setup
      Executes dropped EXE
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1776
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:3980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:4484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        5⤵
        
        PID:1936
    - - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:3508
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3216
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3932
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:5032
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3024
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:3552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2040
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        6⤵
        
        PID:2608
      - C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        
        PID:4428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:3940
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:1544
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2184
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:2300
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        7⤵
        
        PID:4200
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:4424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:220
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:3376
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:1268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        8⤵
        
        PID:8
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        8⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:1144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:4904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        9⤵
        
        PID:3352
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:4908
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4032
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:5100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:4852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:208
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        10⤵
        
        PID:3504
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:5024
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:3576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:452
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1508
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:1400
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:2824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:4372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        11⤵
        
        PID:516
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5132
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5176
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        12⤵
        
        PID:5636
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        12⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        Modifies registry class
        
        PID:5708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:5760
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:5900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:6120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4348
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:4328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:5244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        13⤵
        
        PID:3916
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Checks computer location settings
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:4828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5148
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:532
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:5708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        14⤵
        
        PID:6148
        
        C:\Program Files (x86)\Windws\msn.exe
        
        "C:\Program Files (x86)\Windws\msn.exe"
        14⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:6244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6308
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6740
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
        15⤵
        
        PID:6956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CryptedFile.exe

Filesize
40KB

MD5
d11f4205c61a86a8b24a1a626b9b6f69

SHA1
51dfb09369d33cf40cc61185f5c6288bf50f1bb9

SHA256
b0e0b95d2063b97efce84e954a31194ecc1b8fa5722d7f2960232abebe4a04c1

SHA512
87f8a6219a35a32c16543940244706896069506e7c66c8e4db2fdc01d3606bf5514249921dbc7786435437536c781c2e192fce24ab4eb7d42293c591bd7189b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\GqJ6oc5fS.cfg

Filesize
1KB

MD5
b5e8a344c0181cc7382e6eefdc2b56d5

SHA1
ea96254a2cc20c65a353ac91eef2de2d5cfd2734

SHA256
9b208f98b78771501d8e4472d429e3141b6fa47649107fe4cf481073bed549e8

SHA512
57ceeab936dbacf5d344b077181ecf7f1bca1a26d445830bd57f2cae63bf4bac089cb870168c9f78c7ec845d0ea235793e3c101d67a93ba04056643c6e54bc4c

Download Submit
memory/392-86-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/400-290-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/452-126-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/672-140-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1296-136-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1536-65-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1720-124-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2068-106-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2092-187-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2164-116-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2204-67-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2372-240-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2676-152-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3104-61-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3156-173-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3508-81-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3616-72-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3616-179-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3632-114-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3728-166-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3872-148-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3916-160-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3960-245-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4304-155-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4344-182-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4428-95-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4448-97-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4536-5-0x00000000024C0000-0x00000000024D0000-memory.dmp

Filesize
64KB

Download
memory/4536-6-0x00000000024C0000-0x00000000024D0000-memory.dmp

Filesize
64KB

Download
memory/4536-8-0x00000000774B0000-0x00000000775A0000-memory.dmp

Filesize
960KB

Download
memory/4536-3-0x0000000000B00000-0x0000000000B10000-memory.dmp

Filesize
64KB

Download
memory/4536-2-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/4536-10-0x00000000774B0000-0x00000000775A0000-memory.dmp

Filesize
960KB

Download
memory/4536-4-0x0000000077682000-0x0000000077683000-memory.dmp

Filesize
4KB

Download
memory/4536-11-0x00000000774B0000-0x00000000775A0000-memory.dmp

Filesize
960KB

Download
memory/4536-12-0x00000000774B0000-0x00000000775A0000-memory.dmp

Filesize
960KB

Download
memory/4536-23-0x0000000000A40000-0x0000000000A8E000-memory.dmp

Filesize
312KB

Download
memory/4536-0-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/4536-1-0x0000000000A40000-0x0000000000A8E000-memory.dmp

Filesize
312KB

Download
memory/4536-24-0x00000000774B0000-0x00000000775A0000-memory.dmp

Filesize
960KB

Download
memory/4536-7-0x00000000774D0000-0x00000000774D1000-memory.dmp

Filesize
4KB

Download
memory/4536-22-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4536-9-0x00000000774B0000-0x00000000775A0000-memory.dmp

Filesize
960KB

Download
memory/4764-138-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4828-227-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4908-162-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5024-176-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5132-190-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5164-228-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5184-193-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5260-196-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5304-197-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5324-233-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5380-204-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5388-239-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5412-289-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5652-278-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5708-207-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5752-210-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5828-234-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5852-213-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5880-214-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/5984-219-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6008-222-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6224-274-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6240-283-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6244-250-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6244-295-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6276-251-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6288-275-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6396-254-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6408-255-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6536-284-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6580-260-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6600-261-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6648-266-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/6700-267-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/7236-300-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/7264-301-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads